CVE-2016-4021

EUVD-2016-5027
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
pgpdump_projectpgpdump
𝑥
≤ 0.29
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pgpdump
bookworm
0.34-1
fixed
bullseye
0.33-2
fixed
sid
0.36-1
fixed
trixie
0.36-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pgpdump
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
Fixed 0.27-1+deb7u1build0.12.04.1
released
trusty
Fixed 0.28-1+deb8u1build0.14.04.1
released
wily
ignored
xenial
needed
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183750.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184617.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184689.html
http://seclists.org/bugtraq/2016/Apr/99
https://github.com/kazu-yamamoto/pgpdump/pull/16
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183750.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184617.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184689.html
http://seclists.org/bugtraq/2016/Apr/99
https://github.com/kazu-yamamoto/pgpdump/pull/16
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt