CVE-2019-13050
29.06.2019, 17:15
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnupg | gnupg | 𝑥 ≤ 2.2.16 |
| sks_keyserver_project | sks_keyserver | 𝑥 ≤ 1.2.0 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| f5 | traffix_signaling_delivery_controller | 5.0.0 ≤ 𝑥 ≤ 5.1.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnupg |
| ||||||||||||||||||||||||||||||
| gnupg2 |
| ||||||||||||||||||||||||||||||
| sks |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dirmngr |
| ||||||||||||||||||||||||||||||||||||||||||||||
| gpg2 |
| ||||||||||||||||||||||||||||||||||||||||||||||
| gpg2-lang |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References