Researchers from Ruhr-Universität Bochum (RUB) and NDS

1 exploit Active since Jun 2018
CVE-2018-12020 WRITEUP HIGH WRITEUP
GnuPG <2.2.8 - Info Disclosure
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
CVSS 7.5