CVE-2019-6690

HIGH LAB

python-gnupg 0.4.3 - Improper Input Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-6690. PoCs published by brianwrf, stigtsp.

AI-analyzed exploit summary This PoC exploits CVE-2019-6690, an improper input validation vulnerability in python-gnupg versions 0.4.3 and below. It demonstrates how an attacker can inject malicious data into GPG-encrypted messages, leading to arbitrary command execution during decryption.

Description

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Exploits (2)

nomisec WORKING POC 6 stars
by brianwrf · poc
https://github.com/brianwrf/CVE-2019-6690

This PoC exploits CVE-2019-6690, an improper input validation vulnerability in python-gnupg versions 0.4.3 and below. It demonstrates how an attacker can inject malicious data into GPG-encrypted messages, leading to arbitrary command execution during decryption.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: python-gnupg 0.4.3 and below
No auth needed
Prerequisites: Vulnerable python-gnupg version · Network access to the target service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by stigtsp · poc
https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability

This repository contains a proof-of-concept exploit for CVE-2019-6690, which leverages improper input validation in python-gnupg 0.4.3 to inject data via newline characters in passphrases, allowing manipulation of ciphertext/plaintext during encryption/decryption.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: python-gnupg 0.4.3
No auth needed
Prerequisites: python-gnupg 0.4.3 installed · access to a vulnerable application using symmetric encryption
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106756
Product, Third Party Advisory x_refsource_misc
https://pypi.org/project/python-gnupg/#history
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jan/41
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3964-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html

Scores

CVSS v3 7.5
EPSS 0.2143
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull mintproject/base-ubuntu18

Details

CWE
CWE-20
Status published
Products (9)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
canonical/ubuntu_linux 19.04
debian/debian_linux 8.0
debian/debian_linux 9.0
opensuse/leap 15.0
pypi/python-gnupg 0 - 0.4.4PyPI
python/python-gnupg 0.4.3
suse/backports
Published Mar 21, 2019
Tracked Since Feb 18, 2026