Vulnerability Details CVE-2020-24972
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.211
EPSS Ranking 95.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00064.html
- https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
- https://dev.gnupg.org/source/kleo/browse/master/CMakeLists.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRIPL72WMXTVWS2M7WYV5SNPETYJ2YI7/
- https://security.gentoo.org/glsa/202008-21
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00064.html
- https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
- https://dev.gnupg.org/source/kleo/browse/master/CMakeLists.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRIPL72WMXTVWS2M7WYV5SNPETYJ2YI7/
- https://security.gentoo.org/glsa/202008-21
Products affected by CVE-2020-24972
-
cpe:2.3:a:kleopatra_project:kleopatra:-
-
cpe:2.3:a:kleopatra_project:kleopatra:16.03.80
-
cpe:2.3:a:kleopatra_project:kleopatra:16.03.90
-
cpe:2.3:a:kleopatra_project:kleopatra:16.04.0
-
cpe:2.3:a:kleopatra_project:kleopatra:16.04.1
-
cpe:2.3:a:kleopatra_project:kleopatra:16.04.2
-
cpe:2.3:a:kleopatra_project:kleopatra:16.04.3
-
cpe:2.3:a:kleopatra_project:kleopatra:16.07.80
-
cpe:2.3:a:kleopatra_project:kleopatra:16.07.90
-
cpe:2.3:a:kleopatra_project:kleopatra:16.08.0
-
cpe:2.3:a:kleopatra_project:kleopatra:16.08.1
-
cpe:2.3:a:kleopatra_project:kleopatra:16.08.2
-
cpe:2.3:a:kleopatra_project:kleopatra:16.08.3
-
cpe:2.3:a:kleopatra_project:kleopatra:16.11.80
-
cpe:2.3:a:kleopatra_project:kleopatra:16.11.90
-
cpe:2.3:a:kleopatra_project:kleopatra:16.12.0
-
cpe:2.3:a:kleopatra_project:kleopatra:16.12.1
-
cpe:2.3:a:kleopatra_project:kleopatra:16.12.2
-
cpe:2.3:a:kleopatra_project:kleopatra:16.12.3
-
cpe:2.3:a:kleopatra_project:kleopatra:17.03.80
-
cpe:2.3:a:kleopatra_project:kleopatra:17.03.90
-
cpe:2.3:a:kleopatra_project:kleopatra:17.04.0
-
cpe:2.3:a:kleopatra_project:kleopatra:17.04.1
-
cpe:2.3:a:kleopatra_project:kleopatra:17.04.2
-
cpe:2.3:a:kleopatra_project:kleopatra:17.04.3
-
cpe:2.3:a:kleopatra_project:kleopatra:17.07.80
-
cpe:2.3:a:kleopatra_project:kleopatra:17.07.90
-
cpe:2.3:a:kleopatra_project:kleopatra:17.08.0
-
cpe:2.3:a:kleopatra_project:kleopatra:17.08.1
-
cpe:2.3:a:kleopatra_project:kleopatra:17.08.2
-
cpe:2.3:a:kleopatra_project:kleopatra:17.08.3
-
cpe:2.3:a:kleopatra_project:kleopatra:17.11.80
-
cpe:2.3:a:kleopatra_project:kleopatra:17.11.90
-
cpe:2.3:a:kleopatra_project:kleopatra:17.12.0
-
cpe:2.3:a:kleopatra_project:kleopatra:17.12.1
-
cpe:2.3:a:kleopatra_project:kleopatra:17.12.2
-
cpe:2.3:a:kleopatra_project:kleopatra:17.12.3
-
cpe:2.3:a:kleopatra_project:kleopatra:18.03.80
-
cpe:2.3:a:kleopatra_project:kleopatra:18.03.90
-
cpe:2.3:a:kleopatra_project:kleopatra:18.04.0
-
cpe:2.3:a:kleopatra_project:kleopatra:18.04.1
-
cpe:2.3:a:kleopatra_project:kleopatra:18.04.2
-
cpe:2.3:a:kleopatra_project:kleopatra:18.04.3
-
cpe:2.3:a:kleopatra_project:kleopatra:18.07.80
-
cpe:2.3:a:kleopatra_project:kleopatra:18.07.90
-
cpe:2.3:a:kleopatra_project:kleopatra:18.08.0
-
cpe:2.3:a:kleopatra_project:kleopatra:18.08.1
-
cpe:2.3:a:kleopatra_project:kleopatra:18.08.2
-
cpe:2.3:a:kleopatra_project:kleopatra:18.08.3
-
cpe:2.3:a:kleopatra_project:kleopatra:18.11.80
-
cpe:2.3:a:kleopatra_project:kleopatra:18.11.90
-
cpe:2.3:a:kleopatra_project:kleopatra:18.12.0
-
cpe:2.3:a:kleopatra_project:kleopatra:18.12.1
-
cpe:2.3:a:kleopatra_project:kleopatra:18.12.2
-
cpe:2.3:a:kleopatra_project:kleopatra:18.12.3
-
cpe:2.3:a:kleopatra_project:kleopatra:19.03.80
-
cpe:2.3:a:kleopatra_project:kleopatra:19.03.90
-
cpe:2.3:a:kleopatra_project:kleopatra:19.04.0
-
cpe:2.3:a:kleopatra_project:kleopatra:19.04.1
-
cpe:2.3:a:kleopatra_project:kleopatra:19.04.2
-
cpe:2.3:a:kleopatra_project:kleopatra:19.04.3
-
cpe:2.3:a:kleopatra_project:kleopatra:19.07.80
-
cpe:2.3:a:kleopatra_project:kleopatra:19.07.90
-
cpe:2.3:a:kleopatra_project:kleopatra:19.08.0
-
cpe:2.3:a:kleopatra_project:kleopatra:19.08.1
-
cpe:2.3:a:kleopatra_project:kleopatra:19.08.2
-
cpe:2.3:a:kleopatra_project:kleopatra:19.08.3
-
cpe:2.3:a:kleopatra_project:kleopatra:19.11.80
-
cpe:2.3:a:kleopatra_project:kleopatra:19.11.90
-
cpe:2.3:a:kleopatra_project:kleopatra:19.12.0
-
cpe:2.3:a:kleopatra_project:kleopatra:19.12.1
-
cpe:2.3:a:kleopatra_project:kleopatra:19.12.2
-
cpe:2.3:a:kleopatra_project:kleopatra:19.12.3
-
cpe:2.3:a:kleopatra_project:kleopatra:20.03.80
-
cpe:2.3:a:kleopatra_project:kleopatra:20.03.90
-
cpe:2.3:a:kleopatra_project:kleopatra:20.04.0
-
cpe:2.3:a:kleopatra_project:kleopatra:20.04.1
-
cpe:2.3:a:kleopatra_project:kleopatra:20.04.2
-
cpe:2.3:a:kleopatra_project:kleopatra:20.04.3
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:opensuse:leap:15.1