GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victims keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gnupg | Gnupg | * | 2.3.6 (including) |