CVE-2005-2023

CWE-328 CWE-916 CWE-327 — Broken Cryptographic Algorithm8 documents7 sources

Severity

10.0CRITICAL

EPSS

0.5%

top 35.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux

Timeline

PublishedJun 17

Latest updateOct 25

Description

The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsuse/suse_linux9.3

▶Debiangnupg2< 1.9.15-1+3

Patches

Patch: www.novell.com ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard↗2023-10-25

▶

GHSA

crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard↗2023-10-25

▶

GHSA

GHSA-5phw-pq6g-29m4: The send_pinentry_environment function in asshelp↗2022-05-01

▶

CVEList

CVE-2005-2023: The send_pinentry_environment function in asshelp↗2005-06-21

▶

OSV

CVE-2005-2023: The send_pinentry_environment function in asshelp↗2005-06-17

▶

📋Vendor Advisories

Red Hat

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard↗2023-10-25

▶

Debian

CVE-2005-2023: gnupg2 - The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 do...↗2005

▶