CVE-2015-1607
Publication date 16 February 2015
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
Status
Package | Ubuntu Release | Status |
---|---|---|
gnupg | ||
14.04 LTS trusty |
Fixed 1.4.16-1ubuntu2.3
|
|
gnupg2 | ||
14.04 LTS trusty |
Fixed 2.0.22-3ubuntu1.3
|
|
Patch details
Package | Patch details |
---|---|
gnupg | |
gnupg2 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2554-1
- GnuPG vulnerabilities
- 1 April 2015