Description
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
References (6)
Core 6
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.opensuse.org/show_bug.cgi?id=1176034
Patch, Vendor Advisory x_refsource_misc
https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc
Vendor Advisory x_refsource_misc
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
Mailing List x_refsource_misc
https://dev.gnupg.org/T5050
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/09/03/4
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/09/03/5
Scores
CVSS v3
7.8
EPSS
0.0042
EPSS Percentile
62.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (3)
gnupg/gnupg
2.2.21
gnupg/gnupg
2.2.22
gpg4win/gpg4win
3.1.12
Published
Sep 03, 2020
Tracked Since
Feb 18, 2026