CVE-2018-12020

HIGH

GnuPG <2.2.8 - Info Disclosure

Title source: llm

Description

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

References (21)

[Third Party Advisory] https://usn.ubuntu.com/3675-2/

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:2180

[Mailing List, Vendor Advisory] https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2018/06/08/2

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4222

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:2181

[Third Party Advisory] https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4224

[Broken Link] http://www.securityfocus.com/bid/104450

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4223

[Third Party Advisory] https://usn.ubuntu.com/3675-3/

[Broken Link] http://www.securitytracker.com/id/1041051

[Third Party Advisory] https://usn.ubuntu.com/3675-1/

[Patch, Vendor Advisory] https://dev.gnupg.org/T4012

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/30/4

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Apr/38

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html

[Third Party Advisory] https://usn.ubuntu.com/3964-1/

[Technical Description, Third Party Advisory] https://github.com/RUB-NDS/Johnny-You-Are-Fired

View Writeup ZIP pw:eip

[Technical Description, Third Party Advisory] https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

... and 1 more

Scores

CVSS v3 7.5

EPSS 0.0173

EPSS Percentile 82.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-706

Status published

Products (20)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 18.10

canonical/ubuntu_linux 19.04

debian/debian_linux 8.0

debian/debian_linux 9.0

gnupg/gnupg < 2.2.8

... and 10 more

Published Jun 08, 2018

Tracked Since Feb 18, 2026