CVE-2019-6690
N/A
N/A
Summary
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/106756
- http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
- https://pypi.org/project/python-gnupg/#history
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
- https://seclists.org/bugtraq/2019/Jan/41
- https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
- https://usn.ubuntu.com/3964-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
References
- http://www.securityfocus.com/bid/106756
- http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
- https://pypi.org/project/python-gnupg/#history
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
- https://seclists.org/bugtraq/2019/Jan/41
- https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
- https://usn.ubuntu.com/3964-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.