Back to search
CVE-2019-6690
Published: Mar 17, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
106756
vdb-entry
x_refsource_BID
https://pypi.org/project/python-gnupg/#history
x_refsource_MISC
SU-2019:0143-1
vendor-advisory
x_refsource_SUSE
SUSE-SU-2019:0239-1
vendor-advisory
x_refsource_SUSE
[SECURITY] [DLA 1675-1] 20190214 python-gnupg security update
mailing-list
x_refsource_MLIST
20190125 CVE-2019-6690: Improper Input Validation in python-gnupg
mailing-list
x_refsource_BUGTRAQ
USN-3964-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2019-06f5bbdaf5
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-17fb3273b2
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-e67d007a67
vendor-advisory
x_refsource_FEDORA
[debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now