CVE-2014-4617
GnuPG < 1.4.17 and < 2.0.24 - Denial of Service via Malformed Compressed Packets
Title source: llmDescription
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
References (13)
Core 13
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59351
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59578
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2967
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html
Various Sources x_refsource_confirm
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2258-1
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2968
Various Sources x_refsource_confirm
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59534
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59213
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
Scores
EPSS
0.0331
EPSS Percentile
87.1%
Details
CWE
CWE-20
Status
published
Products (50)
debian/debian_linux
7.0
gnupg/gnupg
2.0
gnupg/gnupg
2.0.1
gnupg/gnupg
2.0.3
gnupg/gnupg
2.0.4
gnupg/gnupg
2.0.5
gnupg/gnupg
2.0.6
gnupg/gnupg
2.0.7
gnupg/gnupg
2.0.8
gnupg/gnupg
2.0.10
... and 40 more
Published
Jun 25, 2014
Tracked Since
Feb 18, 2026