python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Apr 2022, 18:27
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jan/41 - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/ - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/106756 - Broken Link | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/ - Broken Link | |
References | (MISC) https://pypi.org/project/python-gnupg/#history - Product, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/ - Broken Link | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
28 Dec 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jan/41 - Exploit, Issue Tracking, Third Party Advisory, Mailing List | |
References | (BID) http://www.securityfocus.com/bid/106756 - VDB Entry, Third Party Advisory |
Information
Published : 2019-03-21 16:01
Updated : 2023-12-10 12:59
NVD link : CVE-2019-6690
Mitre link : CVE-2019-6690
CVE.ORG link : CVE-2019-6690
JSON object : View
Products Affected
opensuse
- leap
canonical
- ubuntu_linux
suse
- backports
- linux_enterprise
python
- python-gnupg
debian
- debian_linux
CWE
CWE-20
Improper Input Validation