Back to search
CVE-2003-0255
Published: May 7, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
TLSA200334
vendor-advisory
x_refsource_TURBO
RHSA-2003:175
vendor-advisory
x_refsource_REDHAT
4947
vdb-entry
x_refsource_OSVDB
oval:org.mitre.oval:def:135
vdb-entry
signature
x_refsource_OVAL
20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)
mailing-list
x_refsource_BUGTRAQ
7497
vdb-entry
x_refsource_BID
20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)
mailing-list
x_refsource_BUGTRAQ
MDKSA-2003:061
vendor-advisory
x_refsource_MANDRAKE
gnupg-invalid-key-acceptance(11930)
vdb-entry
x_refsource_XF
CLA-2003:694
vendor-advisory
x_refsource_CONECTIVA
RHSA-2003:176
vendor-advisory
x_refsource_REDHAT
20030515-016
vendor-advisory
x_refsource_ENGARDE
ESA-20030515-016
vendor-advisory
x_refsource_ENGARDE
VU#397604
third-party-advisory
x_refsource_CERT-VN
20030504 Key validity bug in GnuPG 1.2.1 and earlier
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now