CVE-2011-2207 — Improper Certificate Validation in Dirmngr

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

1.4%

top 19.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnupg Dirmngr Debian Linux +1 more

Timeline

PublishedNov 27

Latest updateApr 22

Description

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5dirmngr/dirmngr1.1.0, fixed in 2.1.0+1

▶NVDgnupg/gnupg< 2.1.0

Also affects: Debian Linux 8.0, Enterprise Linux 6.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-5j88-3pcx-mp3f: dirmngr before 2↗2022-04-22

▶

CVEList

CVE-2011-2207: dirmngr before 2↗2019-11-27

▶

📋Vendor Advisories

Red Hat

dirmngr: Improper dealing with blocking system calls, when verifying a certificate↗2011-05-20

▶

💬Community

Bugzilla

CVE-2011-2207 dirmngr: Improper dealing with blocking system calls, when verifying a certificate↗2011-06-03

▶