Description
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
References (9)
Core 9
Core References
Third Party Advisory x_refsource_misc
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2015/02/13/14
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2015/02/14/6
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
Various Sources x_refsource_misc
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392
Third Party Advisory x_refsource_misc
http://www.ubuntu.com/usn/usn-2554-1/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/72610
Scores
CVSS v3
5.5
EPSS
0.0247
EPSS Percentile
82.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (5)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
gnupg/gnupg
< 1.4.19
Published
Nov 20, 2019
Tracked Since
Feb 18, 2026