CVE-2012-6085

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
gnupggnupg
1.4.0
gnupggnupg
1.4.2
gnupggnupg
1.4.3
gnupggnupg
1.4.4
gnupggnupg
1.4.5
gnupggnupg
1.4.8
gnupggnupg
1.4.10
gnupggnupg
1.4.11
gnupggnupg
1.4.12
gnupggnupg
2.0
gnupggnupg
2.0.1
gnupggnupg
2.0.3
gnupggnupg
2.0.4
gnupggnupg
2.0.5
gnupggnupg
2.0.6
gnupggnupg
2.0.7
gnupggnupg
2.0.8
gnupggnupg
2.0.10
gnupggnupg
2.0.11
gnupggnupg
2.0.12
gnupggnupg
2.0.13
gnupggnupg
2.0.14
gnupggnupg
2.0.15
gnupggnupg
2.0.16
gnupggnupg
2.0.17
gnupggnupg
2.0.18
gnupggnupg
2.0.19
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnupg2
bookworm
2.2.40-1.1
fixed
bullseye
2.2.27-2+deb11u2
fixed
bullseye (security)
2.2.27-2+deb11u2
fixed
sid
2.2.45-2
fixed
trixie
2.2.44-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg
hardy
Fixed 1.4.6-2ubuntu5.2
released
lucid
Fixed 1.4.10-2ubuntu1.2
released
oneiric
Fixed 1.4.11-3ubuntu1.11.10.2
released
precise
Fixed 1.4.11-3ubuntu2.2
released
quantal
Fixed 1.4.11-3ubuntu4.1
released
gnupg2
hardy
ignored
lucid
Fixed 2.0.14-1ubuntu1.5
released
oneiric
Fixed 2.0.17-2ubuntu2.11.10.2
released
precise
Fixed 2.0.17-2ubuntu2.12.04.2
released
quantal
Fixed 2.0.17-2ubuntu3.1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gnupg2
RHEL 6
0:2.0.14-6.el6_4
fixed
gnupg2-smime
RHEL 6
0:2.0.14-6.el6_4
fixed
Common Weakness Enumeration
References
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
http://rhn.redhat.com/errata/RHSA-2013-1459.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:001
http://www.openwall.com/lists/oss-security/2013/01/01/6
http://www.securityfocus.com/bid/57102
http://www.ubuntu.com/usn/USN-1682-1
https://bugs.g10code.com/gnupg/issue1455
https://bugzilla.redhat.com/show_bug.cgi?id=891142
https://exchange.xforce.ibmcloud.com/vulnerabilities/80990
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
http://rhn.redhat.com/errata/RHSA-2013-1459.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:001
http://www.openwall.com/lists/oss-security/2013/01/01/6
http://www.securityfocus.com/bid/57102
http://www.ubuntu.com/usn/USN-1682-1
https://bugs.g10code.com/gnupg/issue1455
https://bugzilla.redhat.com/show_bug.cgi?id=891142
https://exchange.xforce.ibmcloud.com/vulnerabilities/80990