CVE-2003-0971

CWE-4226 documents6 sources

Severity

5.0MEDIUM

EPSS

2.3%

top 15.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Privacy Guard

Timeline

PublishedDec 15

Latest updateMay 3

Description

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/privacy_guard11 versions+10

Patches

Patch: lists.gnupg.org ↗Patch: lists.gnupg.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3rmj-3mrh-fv5j: GnuPG (GPG) 1↗2022-05-03

▶

CVEList

CVE-2003-0971: GnuPG (GPG) 1↗2003-12-02

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-11-27

▶

📐Framework References

CWE

Unprotected Windows Messaging Channel ('Shatter')

▶

💬Community

Bugzilla

CVE-2003-0971 security flaw↗2018-08-16

▶