CVE-2013-4402 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Vendor	Product	Version
gnupg	gnupg	1.4.0
gnupg	gnupg	1.4.2
gnupg	gnupg	1.4.3
gnupg	gnupg	1.4.4
gnupg	gnupg	1.4.5
gnupg	gnupg	1.4.8
gnupg	gnupg	1.4.10
gnupg	gnupg	1.4.11
gnupg	gnupg	1.4.12
gnupg	gnupg	1.4.13
gnupg	gnupg	1.4.14
gnupg	gnupg	2.0
gnupg	gnupg	2.0.1
gnupg	gnupg	2.0.10
gnupg	gnupg	2.0.11
gnupg	gnupg	2.0.12
gnupg	gnupg	2.0.13
gnupg	gnupg	2.0.14
gnupg	gnupg	2.0.15
gnupg	gnupg	2.0.16
gnupg	gnupg	2.0.17
gnupg	gnupg	2.0.18
gnupg	gnupg	2.0.19
gnupg	gnupg	2.0.20
gnupg	gnupg	2.0.21
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10
canonical	ubuntu_linux	13.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gnupg2

bullseye (security)	2.2.27-2+deb11u2 fixed
bullseye	2.2.27-2+deb11u2 fixed
bookworm	2.2.40-1.1 fixed
trixie	2.2.44-1 fixed
sid	2.2.45-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

gnupg

raring	Fixed 1.4.12-7ubuntu1.2 released
quantal	Fixed 1.4.11-3ubuntu4.3 released
precise	Fixed 1.4.11-3ubuntu2.4 released
lucid	Fixed 1.4.10-2ubuntu1.4 released

gnupg2

raring	Fixed 2.0.19-2ubuntu1.1 released
quantal	Fixed 2.0.17-2ubuntu3.2 released
precise	Fixed 2.0.17-2ubuntu2.12.04.3 released
lucid	ignored

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html

http://rhn.redhat.com/errata/RHSA-2013-1459.html

http://www.debian.org/security/2013/dsa-2773

http://www.debian.org/security/2013/dsa-2774

http://www.ubuntu.com/usn/USN-1987-1

https://bugzilla.redhat.com/show_bug.cgi?id=1015685

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html

http://rhn.redhat.com/errata/RHSA-2013-1459.html

http://www.debian.org/security/2013/dsa-2773

http://www.debian.org/security/2013/dsa-2774

http://www.ubuntu.com/usn/USN-1987-1

https://bugzilla.redhat.com/show_bug.cgi?id=1015685