|Number of vulnerabilities||1|
Client/Desktop applications / Encryption software
This security bulletin contains one low risk vulnerability.
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: NoDescription
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an input validation flaw in the processing of filenames when displaying the filename. A remote attacker can send a signed and encrypted email message that includes the specially crafted name of the original input file, spoof status messages and fake the verification status of a signed email message.Mitigation
Update to version 2.2.8.
GnuPG: 2.2.4 - 2.2.7CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?