CVE-2000-0974

5 documents5 sources
Severity
7.5HIGH
EPSS
1.8%
top 17.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Privacy Guard
Timeline
PublishedDec 19
Latest updateMay 3

Description

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

â–¶NVDgnu/privacy_guard4 versions+3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

2
GHSA
GHSA-grh4-x8rv-hcvv: GnuPG (gpg) 1↗2022-05-03
â–¶
CVEList
CVE-2000-0974: GnuPG (gpg) 1↗2001-01-22
â–¶

📋Vendor Advisories

1
Red Hat
security flaw↗2000-10-11
â–¶

💬Community

1
Bugzilla
CVE-2000-0974 security flaw↗2018-08-16
â–¶
CVE-2000-0974 (HIGH CVSS 7.5) | GnuPG (gpg) 1.0.3 does not properly | cvebase.io