CVE-2014-4617

Published: 26 June 2014

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

Priority

Medium

Status

Package   Release                          Status
gnupg     Upstream                         Released (1.4.17,1.4.16-1.2)
gnupg     Ubuntu 14.04 ESM (Trusty Tahr)   Released (1.4.16-1ubuntu2.1)

Patches (gnupg):
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8

Package   Release                          Status
gnupg2    Upstream                         Released (2.0.24)
gnupg2    Ubuntu 14.04 ESM (Trusty Tahr)   Does not exist (trusty was released [2.0.22-3ubuntu1.1])

Patches (gnupg2):
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb1