CVE-2013-4402 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
gnupg	gnupg	1.4.0
gnupg	gnupg	1.4.2
gnupg	gnupg	1.4.3
gnupg	gnupg	1.4.4
gnupg	gnupg	1.4.5
gnupg	gnupg	1.4.8
gnupg	gnupg	1.4.10
gnupg	gnupg	1.4.11
gnupg	gnupg	1.4.12
gnupg	gnupg	1.4.13
gnupg	gnupg	1.4.14
gnupg	gnupg	2.0
gnupg	gnupg	2.0.1
gnupg	gnupg	2.0.10
gnupg	gnupg	2.0.11
gnupg	gnupg	2.0.12
gnupg	gnupg	2.0.13
gnupg	gnupg	2.0.14
gnupg	gnupg	2.0.15
gnupg	gnupg	2.0.16
gnupg	gnupg	2.0.17
gnupg	gnupg	2.0.18
gnupg	gnupg	2.0.19
gnupg	gnupg	2.0.20
gnupg	gnupg	2.0.21
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10
canonical	ubuntu_linux	13.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gnupg2

bookworm	2.2.40-1.1 fixed
bullseye	2.2.27-2+deb11u2 fixed
bullseye (security)	2.2.27-2+deb11u2 fixed
sid	2.2.45-2 fixed
trixie	2.2.44-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gnupg

lucid	Fixed 1.4.10-2ubuntu1.4 released
precise	Fixed 1.4.11-3ubuntu2.4 released
quantal	Fixed 1.4.11-3ubuntu4.3 released
raring	Fixed 1.4.12-7ubuntu1.2 released

gnupg2

lucid	ignored
precise	Fixed 2.0.17-2ubuntu2.12.04.3 released
quantal	Fixed 2.0.17-2ubuntu3.2 released
raring	Fixed 2.0.19-2ubuntu1.1 released

openSUSE / SLES Releases

openSUSE Product

Release

gpg2

suse enterprise desktop 15	2.2.5-2.9 fixed
suse enterprise desktop 15 SP1	2.2.5-4.6.2 fixed
suse enterprise sap 12 SP5	2.0.24-9.8.1 fixed
suse enterprise sap 15	2.2.5-2.9 fixed
suse enterprise sap 15 SP1	2.2.5-4.6.2 fixed
suse enterprise server 12	2.0.24-1.5 fixed
suse enterprise server 12 SP1	2.0.24-1.5 fixed
suse enterprise server 12 SP2	2.0.24-3.2 fixed
suse enterprise server 12 SP5	2.0.24-9.8.1 fixed
suse enterprise server 15	2.2.5-2.9 fixed
suse enterprise server 15 SP1	2.2.5-4.6.2 fixed

gpg2-lang

suse enterprise desktop 15	2.2.5-2.9 fixed
suse enterprise desktop 15 SP1	2.2.5-4.6.2 fixed
suse enterprise sap 12 SP5	2.0.24-9.8.1 fixed
suse enterprise sap 15	2.2.5-2.9 fixed
suse enterprise sap 15 SP1	2.2.5-4.6.2 fixed
suse enterprise server 12	2.0.24-1.5 fixed
suse enterprise server 12 SP1	2.0.24-1.5 fixed
suse enterprise server 12 SP2	2.0.24-3.2 fixed
suse enterprise server 12 SP5	2.0.24-9.8.1 fixed
suse enterprise server 15	2.2.5-2.9 fixed
suse enterprise server 15 SP1	2.2.5-4.6.2 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

gnupg2

RHEL 6

0:2.0.14-6.el6_4

fixed

gnupg2-smime

RHEL 6

0:2.0.14-6.el6_4

fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html

http://rhn.redhat.com/errata/RHSA-2013-1459.html

http://www.debian.org/security/2013/dsa-2773

http://www.debian.org/security/2013/dsa-2774

http://www.ubuntu.com/usn/USN-1987-1

https://bugzilla.redhat.com/show_bug.cgi?id=1015685

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html

http://rhn.redhat.com/errata/RHSA-2013-1459.html

http://www.debian.org/security/2013/dsa-2773

http://www.debian.org/security/2013/dsa-2774

http://www.ubuntu.com/usn/USN-1987-1

https://bugzilla.redhat.com/show_bug.cgi?id=1015685