Vulnerability Details CVE-2013-4402
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 88.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433
- http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html
- http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html
- http://rhn.redhat.com/errata/RHSA-2013-1459.html
- http://www.debian.org/security/2013/dsa-2773
- http://www.debian.org/security/2013/dsa-2774
- http://www.ubuntu.com/usn/USN-1987-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1015685
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433
- http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html
- http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html
- http://rhn.redhat.com/errata/RHSA-2013-1459.html
- http://www.debian.org/security/2013/dsa-2773
- http://www.debian.org/security/2013/dsa-2774
- http://www.ubuntu.com/usn/USN-1987-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1015685
Products affected by CVE-2013-4402
-
cpe:2.3:a:gnupg:gnupg:1.4.0
-
cpe:2.3:a:gnupg:gnupg:1.4.10
-
cpe:2.3:a:gnupg:gnupg:1.4.11
-
cpe:2.3:a:gnupg:gnupg:1.4.12
-
cpe:2.3:a:gnupg:gnupg:1.4.13
-
cpe:2.3:a:gnupg:gnupg:1.4.14
-
cpe:2.3:a:gnupg:gnupg:1.4.2
-
cpe:2.3:a:gnupg:gnupg:1.4.3
-
cpe:2.3:a:gnupg:gnupg:1.4.4
-
cpe:2.3:a:gnupg:gnupg:1.4.5
-
cpe:2.3:a:gnupg:gnupg:1.4.8
-
cpe:2.3:a:gnupg:gnupg:2.0
-
cpe:2.3:a:gnupg:gnupg:2.0.1
-
cpe:2.3:a:gnupg:gnupg:2.0.10
-
cpe:2.3:a:gnupg:gnupg:2.0.11
-
cpe:2.3:a:gnupg:gnupg:2.0.12
-
cpe:2.3:a:gnupg:gnupg:2.0.13
-
cpe:2.3:a:gnupg:gnupg:2.0.14
-
cpe:2.3:a:gnupg:gnupg:2.0.15
-
cpe:2.3:a:gnupg:gnupg:2.0.16
-
cpe:2.3:a:gnupg:gnupg:2.0.17
-
cpe:2.3:a:gnupg:gnupg:2.0.18
-
cpe:2.3:a:gnupg:gnupg:2.0.19
-
cpe:2.3:a:gnupg:gnupg:2.0.20
-
cpe:2.3:a:gnupg:gnupg:2.0.21
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.04