CVE-2019-6690 — Improper Input Validation in Project Python-gnupg
Severity
7.5 HIGH (NVD)
EPSS
21.4%
top 4.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 21
Latest update: Mar 15
Description
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended. To perform the attack, the adversary must control the passphrase passed to gnupg, and the ciphertext should be trusted. The issue is classified as "CWE-20: Improper Input Validation".
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 5 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 18.04, 18.10, 19.04
Vulnerability Details (7)
OSV
Duplicate Advisory: python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended (2020-03-13)
Vendor Advisories (4)
Red Hat
Debian
CVE-2019-6690: python-gnupg - python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt ... (2019)
Community (4)
Bugzilla
CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() [epel-7] (2019-01-29)
Bugzilla
CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() [fedora-all] (2019-01-29)
Bugzilla
CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() [epel-6] (2019-01-29)
Bugzilla
CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() (2019-01-29)