VulnerableCode Package Details - pkg:deb/debian/gnupg1@1.4.21-4%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4u1u-zxbs-aaag Aliases: CVE-2018-12020	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	1.4.23-1 Affected by 0 other vulnerabilities.
VCID-vavn-12uu-aaan Aliases: CVE-2017-7526	libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.	1.4.23-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4u1u-zxbs-aaag
Aliases:
CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

1.4.23-1
Affected by 0 other vulnerabilities.

VCID-vavn-12uu-aaan
Aliases:
CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

1.4.23-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T17:18:32.463119+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:37:12.516454+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-20T21:34:28.938586+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	None	36.1.3
2025-06-20T20:29:52.512787+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	None	36.1.3
2025-06-08T13:10:27.975908+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:59:39.039757+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:34:35.988151+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T14:56:59.887538+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	None	36.1.0
2025-06-07T14:03:54.496726+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	None	36.1.0
2025-04-12T21:54:20.658462+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:58:10.287888+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:31:55.550912+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:06:04.769035+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T13:28:57.676428+00:00	Debian Oval Importer	Affected by	VCID-vavn-12uu-aaan	None	36.0.0
2025-04-07T12:37:51.347610+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	None	36.0.0
2025-04-06T13:22:09.342389+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	36.0.0
2025-02-18T23:03:23.413397+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	35.1.0
2024-11-21T20:44:26.998736+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	35.0.0
2024-11-19T19:52:35.438959+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	34.3.2
2024-10-08T21:11:41.650682+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	34.0.2
2024-09-18T09:16:23.638030+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	34.0.1
2024-04-24T11:40:49.091207+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	34.0.0rc4
2024-01-10T13:31:17.167761+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	34.0.0rc2
2024-01-04T04:50:48.972295+00:00	Debian Importer	Affected by	VCID-vavn-12uu-aaan	None	34.0.0rc1

2025-06-21T17:18:32.463119+00:00

Debian Oval Importer

Affected by

Next non-vulnerable version	1.4.23-1
Latest non-vulnerable version	1.4.23-1
Risk	4.0