CVE-2002-0685 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Desktop Security

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

1.3%

top 20.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PGP Desktop Security PGP Freeware PGP Personal Security

Timeline

PublishedJul 23

Latest updateApr 30

Description

Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDpgp/desktop_security7.0.4

▶NVDpgp/personal_security7.0.3

▶NVDpgp/freeware7.0.3

Patches

Patch: download.nai.com ↗Patch: download.nai.com ↗

🔴Vulnerability Details

GHSA

GHSA-ggr4-p8gq-667w: Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7↗2022-04-30

▶