VulnerableCode Package Details - pkg:deb/debian/gnupg2@2.2.12-1%2Bdeb10u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-ey5p-3qp3-aaam Aliases: CVE-2022-34903	GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.	2.2.27-2+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-m3q4-wftu-aaaa Aliases: CVE-2019-14855	A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.	2.2.20-1~bpo9+1 Affected by 0 other vulnerabilities. 2.2.27-2~bpo10+1 Affected by 0 other vulnerabilities. 2.2.27-2+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ey5p-3qp3-aaam
Aliases:
CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

2.2.27-2+deb11u2
Affected by 1 other vulnerability.

VCID-m3q4-wftu-aaaa
Aliases:
CVE-2019-14855

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

2.2.20-1~bpo9+1
Affected by 0 other vulnerabilities.

2.2.27-2~bpo10+1
Affected by 0 other vulnerabilities.

2.2.27-2+deb11u2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-ey5p-3qp3-aaam	GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.	CVE-2022-34903

Vulnerability

Summary

Aliases

VCID-ey5p-3qp3-aaam

CVE-2022-34903

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T16:35:57.395641+00:00	Debian Oval Importer	Fixing	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T06:04:25.661366+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.3
2025-06-21T03:19:56.982735+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.1.3
2025-06-20T21:25:58.964991+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.3
2025-06-20T21:03:12.985710+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T20:23:27.746117+00:00	Debian Oval Importer	Fixing	VCID-ey5p-3qp3-aaam	None	36.1.3
2025-06-08T12:06:53.185578+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:21:37.021424+00:00	Debian Oval Importer	Fixing	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T23:43:10.714145+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.0
2025-06-07T20:52:59.608585+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.1.0
2025-06-07T13:58:51.959566+00:00	Debian Oval Importer	Fixing	VCID-ey5p-3qp3-aaam	None	36.1.0
2025-06-05T14:46:05.755572+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	36.1.0
2025-04-12T21:39:24.978133+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:52:24.395380+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T07:53:51.662006+00:00	Debian Oval Importer	Fixing	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T22:15:15.961284+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.0.0
2025-04-07T19:23:33.037558+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.0.0
2025-04-07T12:33:21.800780+00:00	Debian Oval Importer	Fixing	VCID-ey5p-3qp3-aaam	None	36.0.0
2025-04-04T00:03:30.116724+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.0.0
2025-04-03T23:43:45.202632+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-19T06:50:46.516213+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-19T06:50:44.343495+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	None	35.1.0
2024-04-24T14:34:48.447851+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T14:34:46.010694+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	None	34.0.0rc4
2024-01-10T17:16:14.451567+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-10T17:16:11.956246+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	None	34.0.0rc2
2024-01-04T06:56:19.566347+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T06:56:10.577927+00:00	Debian Importer	Affected by	VCID-m3q4-wftu-aaaa	None	34.0.0rc1

2025-06-21T16:35:57.395641+00:00

Debian Oval Importer

Fixing

VCID-ey5p-3qp3-aaam

https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2

36.1.3

2025-06-21T06:04:25.661366+00:00

Debian Oval Importer

Affected by

Next non-vulnerable version	2.2.40-1.1+deb12u1
Latest non-vulnerable version	2.4.7-17
Risk	3.4