Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0522

6 documents6 sources

Severity

7.5HIGH

EPSS

11.1%

top 6.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU Privacy Guard

Timeline

PublishedAug 14

Latest updateApr 30

Description

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgnu/privacy_guard7.1, 7.2, 8.0+2

Patches

Patch: www.linux-mandrake.com ↗Patch: www.linux-mandrake.com ↗

🔴Vulnerability Details

GHSA

GHSA-59h7-cqx3-mx33: Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1↗2022-04-30

▶

CVEList

CVE-2001-0522: Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

GNU Privacy Guard 1.0.x - Format String↗2001-05-29

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-05-29

▶

💬Community

Bugzilla

CVE-2001-0522 security flaw↗2018-08-16

▶