CVE-2003-0978

GnuPG < 1.2.3 and <= 1.3.3 - Format String Vulnerability in gpgkeys_hkp

Title source: llm
STIX 2.1

Description

Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.s-quadra.com/advisories/Adv-20031203.txt
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2003_048_gpg.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107047470625214&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13892

Scores

EPSS 0.0212
EPSS Percentile 84.3%

Details

Status published
Products (5)
gnu/privacy_guard 1.2
gnu/privacy_guard 1.2.1
gnu/privacy_guard 1.2.2 (2 CPE variants)
gnu/privacy_guard 1.2.3
gnu/privacy_guard 1.3.3
Published Jan 05, 2004
Tracked Since Feb 18, 2026