CVE-2013-4351
EPSS 1.3%gnupg2 - several
發布日:2013/10/10修改日:2026/4/28
也稱為:DEBIAN-CVE-2013-4351
描述
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
受影響套件(3)
- Debian/gnupgfrom 0, < 1.4.10-4+squeeze3
- Debian/gnupg2from 0, < 2.0.22-1
- Debian/gnupg2from 0, < 2.0.14-2+squeeze2