← Back

CVE-2019-14855

nvd nist
Published: Mar 20, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Affected (4)

Gnupg
1 product
Gnupg
Fedoraproject
1 product
Fedora
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Gnupg
Before 2.2.18
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 30
Fedora
Version 31
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 18.04

Related CWEs

CWE-326
Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (10)

Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Mailing ListRelease NotesVendor Advisory
Source: secalert@redhat.com
ExploitThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListRelease NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.