← Back

CVE-2010-3618

nvd nist
Published: Nov 22, 2010Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

Affected (12)

Pgp
2 products
Desktop For Windows
Desktop For Mac
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Pgp
Desktop For Windows
Up to 10.0.3
Desktop For Windows
Version 10.0.0
Desktop For Windows
Version 10.0.1
Desktop For Windows
Version 10.0.2
Desktop For Windows
Version 10.0.3
Desktop For Windows
Version 10.1.0
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Pgp
Desktop For Mac
Up to 10.0.3
Desktop For Mac
Version 10.0.0
Desktop For Mac
Version 10.0.1
Desktop For Mac
Version 10.0.2
Desktop For Mac
Version 10.0.3
Desktop For Mac
Version 10.1.0

Related CWEs

CWE-310
CWE-310

References (16)

Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Exploit
Source: cret@cert.org
US Government Resource
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.