CVE-2006-0049

12 documents7 sources
Severity
5.0MEDIUM
EPSS
4.5%
top 10.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Privacy Guard
Timeline
PublishedMar 13
Latest updateMay 3

Description

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgnu/privacy_guard23 versions+22

Patches

Patch: lists.gnupg.orgPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-c5p7-4hq8-gm4c: gpg in GnuPG before 12022-05-03
CVEList
CVE-2006-0049: gpg in GnuPG before 12006-03-13

📋Vendor Advisories

3
Ubuntu
gnupg vulnerability2006-04-04
Red Hat
security flaw2006-03-09
Debian
CVE-2006-0049: gnupg2 - gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, wh...2006

💬Community

6
Bugzilla
CVE-2006-0049 security flaw2018-08-16
Bugzilla
CVE-2006-0049 Gnupg incorrect malformed message verification2006-03-13
Bugzilla
CVE-2006-0049, CVE-2006-0455 GnuPG signature verification bugs2006-03-13
Bugzilla
CVE-2006-0049 Gnupg incorrect malformed message verification2006-03-10
Bugzilla
CVE-2006-0049 Gnupg incorrect malformed message verification2006-03-09
CVE-2006-0049 (MEDIUM CVSS 5) | gpg in GnuPG before 1.4.2.2 does no | cvebase.io