CVE-2019-13050
published 2019-06-29CVE-2019-13050: Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | traffix_signaling_delivery_controller | 5.0.0 – 5.1.0 | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnupg | gnupg | <= 2.2.16 | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| sks_keyserver_project | sks_keyserver | <= 1.2.0 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH