Search for packages
| purl | pkg:deb/debian/gnupg1@1.4.21-4%2Bdeb9u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7hrs-wfbd-bbcf
Aliases: CVE-2017-7526 |
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
Affected by 0 other vulnerabilities. |
|
VCID-p6xn-vjxt-3qcu
Aliases: CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T19:14:43.088816+00:00 | Debian Oval Importer | Affected by | VCID-p6xn-vjxt-3qcu | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T15:20:16.242043+00:00 | Debian Oval Importer | Affected by | VCID-7hrs-wfbd-bbcf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |