CVE-2012-6085

Published: Jan 24, 2013Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Affected (27)

Products: Gnupg: Gnupg

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Gnupg Gnupg	Version 1.4.0
Gnupg Gnupg	Version 1.4.10
Gnupg Gnupg	Version 1.4.11
Gnupg Gnupg	Version 1.4.12
Gnupg Gnupg	Version 1.4.2
Gnupg Gnupg	Version 1.4.3
Gnupg Gnupg	Version 1.4.4
Gnupg Gnupg	Version 1.4.5
Gnupg Gnupg	Version 1.4.8

Configuration B

18 vulnerable

Vulnerable Software	Affected Versions
Gnupg Gnupg	Version 2.0.10
Gnupg Gnupg	Version 2.0.11
Gnupg Gnupg	Version 2.0.12
Gnupg Gnupg	Version 2.0.13
Gnupg Gnupg	Version 2.0.14
Gnupg Gnupg	Version 2.0.15
Gnupg Gnupg	Version 2.0.16
Gnupg Gnupg	Version 2.0.17
Gnupg Gnupg	Version 2.0.18
Gnupg Gnupg	Version 2.0.19
Gnupg Gnupg	Version 2.0.1
Gnupg Gnupg	Version 2.0.3
Gnupg Gnupg	Version 2.0.4
Gnupg Gnupg	Version 2.0.5
Gnupg Gnupg	Version 2.0.6
Gnupg Gnupg	Version 2.0.7
Gnupg Gnupg	Version 2.0.8
Gnupg Gnupg	Version 2.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1459.html

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:001

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/01/01/6

Source: secalert@redhat.com

http://www.securityfocus.com/bid/57102

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1682-1

Source: secalert@redhat.com

https://bugs.g10code.com/gnupg/issue1455

Source: secalert@redhat.com

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=891142

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/80990

Source: secalert@redhat.com

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1459.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:001

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/01/01/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/57102

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1682-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.g10code.com/gnupg/issue1455

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=891142

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/80990

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.