A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855 | Issue Tracking Third Party Advisory |
https://dev.gnupg.org/T4755 | Vendor Advisory |
https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html | Mailing List Release Notes Vendor Advisory |
https://rwc.iacr.org/2020/slides/Leurent.pdf | Exploit Third Party Advisory |
https://usn.ubuntu.com/4516-1/ | Third Party Advisory |
Configurations
History
29 Oct 2021, 15:53
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4516-1/ - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | |
CWE | CWE-326 |
Information
Published : 2020-03-20 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2019-14855
Mitre link : CVE-2019-14855
CVE.ORG link : CVE-2019-14855
JSON object : View
Products Affected
canonical
- ubuntu_linux
gnupg
- gnupg
fedoraproject
- fedora
CWE
CWE-326
Inadequate Encryption Strength