cbcvebase.
CVE-2006-0455
published 2006-02-15

CVE-2006-0455: gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does…

PriorityP416medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
1.33%
67.5th percentile
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

Affected

24 ranges
VendorProductVersion rangeFixed in
debiangnupg2
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard
gnuprivacy_guard

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.