Search for packages
| purl | pkg:deb/debian/gnupg2@2.0.26-6%2Bdeb8u2 |
| Next non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Latest non-vulnerable version | 2.4.7-17 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4u1u-zxbs-aaag
Aliases: CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-bv5h-ayrs-aaan
Aliases: CVE-2018-1000858 |
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. |
Affected by 2 other vulnerabilities. |
|
VCID-ey5p-3qp3-aaam
Aliases: CVE-2022-34903 |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-gkq6-68mx-aaak
Aliases: CVE-2018-9234 |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. |
Affected by 2 other vulnerabilities. |
|
VCID-m3q4-wftu-aaaa
Aliases: CVE-2019-14855 |
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4u1u-zxbs-aaag | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
CVE-2018-12020
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T16:35:57.386703+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:44:03.777560+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:11:52.633433+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:57:15.329731+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:05:42.658505+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:02:38.210352+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T06:04:25.651418+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.3 |
| 2025-06-21T00:16:54.391738+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.1.3 |
| 2025-06-20T23:57:43.879945+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.3 |
| 2025-06-20T20:23:27.740009+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.1.3 |
| 2025-06-20T19:54:14.612044+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.1.3 |
| 2025-06-20T19:50:36.577555+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | None | 36.1.3 |
| 2025-06-08T13:13:31.448621+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:06:53.178297+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:21:37.015361+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:37:54.594113+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:05:14.850780+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:51:24.830082+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:35:14.724232+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T03:51:45.843627+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-07T23:43:10.705154+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.0 |
| 2025-06-07T17:39:48.029056+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.1.0 |
| 2025-06-07T17:20:37.895710+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.0 |
| 2025-06-07T13:58:51.952056+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.1.0 |
| 2025-06-07T13:45:03.249683+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.1.0 |
| 2025-06-07T13:42:02.238861+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | None | 36.1.0 |
| 2025-04-12T22:39:32.227639+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:37:31.746477+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:39:24.958375+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:01:22.037684+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:52:24.375368+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:53:51.641991+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:09:20.859208+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:37:52.242050+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:23:53.357964+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:05:51.247083+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:19:35.706247+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-07T22:15:15.938616+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.0.0 |
| 2025-04-07T16:14:43.134169+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.0.0 |
| 2025-04-07T15:54:39.481965+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.0.0 |
| 2025-04-07T12:33:21.778174+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.0.0 |
| 2025-04-07T12:20:18.271128+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.0.0 |
| 2025-04-07T12:17:21.151715+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | None | 36.0.0 |