CVE-2018-12020: mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output…

high7.5CVSS 3.1

AVNACLPRNUINSUCNIHAN

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	enigmail	< enigmail 2:2.0.7-1 (bullseye)	enigmail 2:2.0.7-1 (bullseye)
debian	gnupg1	< enigmail 2:2.0.7-1 (bullseye)	enigmail 2:2.0.7-1 (bullseye)
debian	gnupg2	< enigmail 2:2.0.7-1 (bullseye)	enigmail 2:2.0.7-1 (bullseye)
enigmail	enigmail	>= 0 < 2:2.0.7-1	2:2.0.7-1
gnupg	gnupg	< 2.2.8	2.2.8
gnupg	gnupg	>= 0 < 1.4.16-1ubuntu2.5	1.4.16-1ubuntu2.5
gnupg	gnupg	>= 0 < 1.4.20-1ubuntu3.2	1.4.20-1ubuntu3.2
python-gnupg_project	python-gnupg	>= 0 < 0.4.1-1ubuntu1.18.04.1	0.4.1-1ubuntu1.18.04.1
python-gnupg_project	python-gnupg	>= 0 < 0.3.6-1ubuntu0.1~esm1	0.3.6-1ubuntu0.1~esm1
python-gnupg_project	python-gnupg	>= 0 < 0.3.8-2ubuntu0.1~esm1	0.3.8-2ubuntu0.1~esm1
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

osv7.5HIGH