CVE-2022-34903

Published: Jul 1, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2022/06/30/1

x_refsource_MISC

https://bugs.debian.org/1014157

x_refsource_MISC

https://dev.gnupg.org/T6027

x_refsource_MISC

[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection

mailing-list

x_refsource_MLIST

DSA-5174

vendor-advisory

x_refsource_DEBIAN

FEDORA-2022-aa14d396dd

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-1124e5882d

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-0dbfb7e270

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-1747eea46c

vendor-advisory

x_refsource_FEDORA

https://security.netapp.com/advisory/ntap-20220826-0005/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-34903

Description

Affected Products

References