Your submission was sent successfully! Close

CVE-2014-4617

Published: 26 June 2014

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

Priority

Medium

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
lucid
Released (1.4.10-2ubuntu1.6)
precise
Released (1.4.11-3ubuntu2.6)
saucy
Released (1.4.14-1ubuntu2.2)
trusty
Released (1.4.16-1ubuntu2.1)
upstream
Released (1.4.17,1.4.16-1.2)
gnupg2
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2.0.17-2ubuntu2.12.04.4)
saucy
Released (2.0.20-1ubuntu3.1)
trusty Does not exist
(trusty was released [2.0.22-3ubuntu1.1])
upstream
Released (2.0.24)