CVE-2014-4617
EPSS 8.0%gnupg2 - security update
發布日:2014/6/25修改日:2026/4/28
也稱為:DEBIAN-CVE-2014-4617
描述
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
受影響套件(5)
- Debian/gnupgfrom 0, < 1.4.10-4+squeeze5
- Debian/gnupgfrom 0, < 1.4.12-7+deb7u4
- Debian/gnupg2from 0, < 2.0.24-1
- Debian/gnupg2from 0, < 2.0.14-2+squeeze2
- Debian/gnupg2from 0, < 2.0.19-2+deb7u2