CVE-2012-6085

EPSS 2.3%

gnupg - missing input sanitation

Published: 1/24/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-6085

Description

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Affected packages (3)

Debian/gnupgfrom 0, < 1.4.10-4+squeeze1
Debian/gnupg2from 0, < 2.0.19-2
Debian/gnupg2from 0, < 2.0.14-2+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-6085