#VU30594 Input validation error in GnuPG - CVE-2015-1607
Vulnerability identifier: #VU30594
Vulnerability risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
GnuPG
Client/Desktop applications /
Encryption software
Vendor: GNU
Description
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
Mitigation
Install update from vendor's website.
Vulnerable software versions
GnuPG: 2.1.0 - 2.1.1
External links
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
https://www.openwall.com/lists/oss-security/2015/02/13/14
https://www.openwall.com/lists/oss-security/2015/02/14/6
https://www.securityfocus.com/bid/72610
https://www.ubuntu.com/usn/usn-2554-1/
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
