oss-sec mailing list archives

Re: CVE request: GnuPG-1


From: cve-assign () mitre org
Date: Tue, 24 Jun 2014 10:25:42 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html

This release includes a *security fix* to stop a possible DoS using
garbled compressed data packets which can be used to put gpg into an
infinite loop.

A packet like (a3 01 5b ff) leads to an infinite loop.

Use CVE-2014-4617 for this issue affecting both GnuPG 1.x before
1.4.17 and 2.x before 2.0.24.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
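
Added example, not part of the original message and not GnuPG code: it decodes the four bytes quoted above using RFC 4880 old-format packet framing, then inflates the body with a loop that stops when input runs out before the deflate stream ends. The function names, chunk size and output cap are assumptions chosen for illustration.

```python
import io
import zlib

# The four bytes quoted in the advisory text above.
PACKET = bytes.fromhex("a3015bff")

# Compression algorithm IDs from RFC 4880, section 9.3.
ALGOS = {0: "uncompressed", 1: "ZIP (raw deflate)", 2: "ZLIB", 3: "BZip2"}


def parse_header(pkt):
    """Decode an old-format OpenPGP packet header (RFC 4880, section 4.2)."""
    ctb = pkt[0]
    if not ctb & 0x80 or ctb & 0x40:
        raise ValueError("not an old-format packet")
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if tag != 8 or length_type != 3:
        raise ValueError("only tag 8 with indeterminate length handled here")
    return tag, ALGOS.get(pkt[1], "unknown"), pkt[2:]


def bounded_inflate(body, chunk=4096, max_out=1 << 20):
    """Inflate raw deflate data; return (status, output) and always terminate."""
    src = io.BytesIO(body)
    d = zlib.decompressobj(wbits=-15)   # raw deflate, no zlib header
    out = bytearray()
    while not d.eof:
        data = d.unconsumed_tail or src.read(chunk)
        if not data:
            # Input is exhausted but the final deflate block never ended.
            # Retrying here cannot make progress, so report and stop.
            return "truncated", bytes(out)
        try:
            out += d.decompress(data, max_out - len(out) + 1)
        except zlib.error:
            return "corrupt", bytes(out)
        if len(out) > max_out:
            return "too-large", bytes(out)
    return "ok", bytes(out)


if __name__ == "__main__":
    tag, algo, body = parse_header(PACKET)
    print(tag, algo, body.hex(), bounded_inflate(body)[0])
```
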