CVE-2014-4617

GnuPG < 1.4.17 and < 2.0.24 - Denial of Service via Malformed Compressed Packets

Title source: llm
STIX 2.1

Description

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

References (13)

Core 13
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59351
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59578
Mailing List, Vendor Advisory mailing-list x_refsource_mlist
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2967
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2258-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2968
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59534
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59213
Mailing List, Vendor Advisory mailing-list x_refsource_mlist
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html

Scores

EPSS 0.0331
EPSS Percentile 87.1%

Details

CWE
CWE-20
Status published
Products (50)
debian/debian_linux 7.0
gnupg/gnupg 2.0
gnupg/gnupg 2.0.1
gnupg/gnupg 2.0.3
gnupg/gnupg 2.0.4
gnupg/gnupg 2.0.5
gnupg/gnupg 2.0.6
gnupg/gnupg 2.0.7
gnupg/gnupg 2.0.8
gnupg/gnupg 2.0.10
... and 40 more
Published Jun 25, 2014
Tracked Since Feb 18, 2026