Your submission was sent successfully! Close

CVE-2012-6085

Published: 31 December 2012

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Priority

Medium

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
hardy
Released (1.4.6-2ubuntu5.2)
lucid
Released (1.4.10-2ubuntu1.2)
oneiric
Released (1.4.11-3ubuntu1.11.10.2)
precise
Released (1.4.11-3ubuntu2.2)
quantal
Released (1.4.11-3ubuntu4.1)
upstream
Released (1.4.13,1.4.12-7)
gnupg2
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (2.0.14-1ubuntu1.5)
oneiric
Released (2.0.17-2ubuntu2.11.10.2)
precise
Released (2.0.17-2ubuntu2.12.04.2)
quantal
Released (2.0.17-2ubuntu3.1)
upstream
Released (2.0.19-2)