CVE-2001-0072

5 documents5 sources
Severity
5.0MEDIUM
EPSS
1.0%
top 23.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Privacy Guard
Timeline
PublishedFeb 12
Latest updateApr 30

Description

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgnu/privacy_guard5 versions+4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-7774-m57j-3qmq: gpg (aka GnuPG) 12022-04-30
CVEList
CVE-2001-0072: gpg (aka GnuPG) 12001-05-07

📋Vendor Advisories

1
Red Hat
security flaw2000-12-19

💬Community

1
Bugzilla
CVE-2001-0072 security flaw2018-08-16
CVE-2001-0072 (MEDIUM CVSS 5) | gpg (aka GnuPG) 1.0.4 and other ver | cvebase.io