Search for packages
| purl | pkg:deb/debian/gnupg2@2.1.18-8~deb9u4 |
| Next non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Latest non-vulnerable version | 2.4.7-17 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4u1u-zxbs-aaag
Aliases: CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
Affected by 2 other vulnerabilities. |
|
VCID-bv5h-ayrs-aaan
Aliases: CVE-2018-1000858 |
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. |
Affected by 2 other vulnerabilities. |
|
VCID-ey5p-3qp3-aaam
Aliases: CVE-2022-34903 |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-gkq6-68mx-aaak
Aliases: CVE-2018-9234 |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. |
Affected by 2 other vulnerabilities. |
|
VCID-m3q4-wftu-aaaa
Aliases: CVE-2019-14855 |
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4u1u-zxbs-aaag | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
CVE-2018-12020
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T17:57:24.081525+00:00 | Debian Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.3 |
| 2025-06-21T16:35:57.391117+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:44:03.781195+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:11:52.638479+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:57:15.334445+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:05:42.663237+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T06:04:25.656303+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.3 |
| 2025-06-21T00:16:54.395447+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.1.3 |
| 2025-06-20T23:57:43.884598+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.3 |
| 2025-06-20T23:16:02.715647+00:00 | Debian Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.3 |
| 2025-06-20T21:27:48.377225+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.1.3 |
| 2025-06-20T20:23:27.743034+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.1.3 |
| 2025-06-20T19:54:14.623633+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | None | 36.1.3 |
| 2025-06-08T13:13:31.452064+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:06:53.181966+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:21:37.018417+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:37:54.597764+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:05:14.854355+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:51:24.833083+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:35:14.729692+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T23:43:10.710216+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.0 |
| 2025-06-07T17:39:48.032048+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.1.0 |
| 2025-06-07T17:20:37.899891+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.0 |
| 2025-06-07T14:50:28.066681+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.1.0 |
| 2025-06-07T13:58:51.955450+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.1.0 |
| 2025-06-07T13:45:03.263245+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | None | 36.1.0 |
| 2025-04-12T22:39:32.237792+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:37:31.756549+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:39:24.968254+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:01:22.047632+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:52:24.385486+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:53:51.652036+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:09:20.869223+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:37:52.252140+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:23:53.368023+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:05:51.257151+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T22:15:15.952046+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.0.0 |
| 2025-04-07T16:14:43.143485+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.0.0 |
| 2025-04-07T15:54:39.492628+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.0.0 |
| 2025-04-07T13:22:28.074959+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.0.0 |
| 2025-04-07T12:33:21.789378+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.0.0 |
| 2025-04-07T12:20:18.283248+00:00 | Debian Oval Importer | Fixing | VCID-4u1u-zxbs-aaag | None | 36.0.0 |
| 2025-04-06T19:22:40.431567+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.0.0 |
| 2025-04-06T10:24:59.212556+00:00 | Debian Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.0.0 |
| 2025-04-04T01:56:21.884266+00:00 | Debian Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.0.0 |
| 2025-02-19T06:50:45.145752+00:00 | Debian Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 35.1.0 |
| 2025-02-19T04:35:12.248635+00:00 | Debian Importer | Affected by | VCID-gkq6-68mx-aaak | None | 35.1.0 |
| 2025-02-19T00:22:38.448258+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 35.1.0 |
| 2024-11-21T22:00:44.875249+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 35.0.0 |
| 2024-11-19T21:07:02.651428+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 34.3.2 |
| 2024-10-08T22:16:03.469572+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 34.0.2 |
| 2024-09-18T10:34:30.705223+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 34.0.1 |
| 2024-04-24T14:34:46.836611+00:00 | Debian Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 34.0.0rc4 |
| 2024-04-24T13:36:22.691999+00:00 | Debian Importer | Affected by | VCID-gkq6-68mx-aaak | None | 34.0.0rc4 |
| 2024-04-24T12:02:14.733949+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 34.0.0rc4 |
| 2024-01-10T17:16:12.887495+00:00 | Debian Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 34.0.0rc2 |
| 2024-01-10T16:13:54.182647+00:00 | Debian Importer | Affected by | VCID-gkq6-68mx-aaak | None | 34.0.0rc2 |
| 2024-01-10T13:54:21.444916+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 34.0.0rc2 |
| 2024-01-04T06:56:12.345282+00:00 | Debian Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 34.0.0rc1 |
| 2024-01-04T06:10:07.058262+00:00 | Debian Importer | Affected by | VCID-gkq6-68mx-aaak | None | 34.0.0rc1 |
| 2024-01-04T05:05:18.984806+00:00 | Debian Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 34.0.0rc1 |