VulnerableCode Package Details - pkg:deb/debian/gnupg2@2.2.12-1

Vulnerability	Summary	Fixed by
VCID-ey5p-3qp3-aaam Aliases: CVE-2022-34903	GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.	2.2.12-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.27-2+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-m3q4-wftu-aaaa Aliases: CVE-2019-14855	A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.	2.2.20-1~bpo9+1 Affected by 0 other vulnerabilities. 2.2.27-2~bpo10+1 Affected by 0 other vulnerabilities. 2.2.27-2+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability	Summary	Aliases
VCID-4u1u-zxbs-aaag	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	CVE-2018-12020
VCID-bv5h-ayrs-aaan	GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.	CVE-2018-1000858
VCID-gkq6-68mx-aaak	GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.	CVE-2018-9234
VCID-m3q4-wftu-aaaa	A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.	CVE-2019-14855

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T17:57:24.083933+00:00	Debian Importer	Fixing	VCID-gkq6-68mx-aaak	None	36.1.3
2025-06-21T16:35:57.393421+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:44:03.783004+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T14:11:52.640985+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:57:15.336796+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T06:04:25.658902+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.3
2025-06-21T00:16:54.397294+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	None	36.1.3
2025-06-20T23:57:43.886999+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	None	36.1.3
2025-06-20T23:16:02.717928+00:00	Debian Importer	Fixing	VCID-m3q4-wftu-aaaa	None	36.1.3
2025-06-20T21:27:48.378855+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	None	36.1.3
2025-06-20T20:23:27.744586+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.1.3
2025-06-08T13:13:31.454002+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:06:53.183773+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:21:37.019915+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:37:54.599604+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:05:14.856191+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:51:24.834579+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T23:43:10.712224+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.0
2025-06-07T17:39:48.033556+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	None	36.1.0
2025-06-07T17:20:37.901713+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	None	36.1.0
2025-06-07T14:50:28.068407+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	None	36.1.0
2025-06-07T13:58:51.957011+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.1.0
2025-04-12T22:39:32.242736+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:37:31.761506+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:39:24.973205+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:01:22.052699+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:52:24.390295+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T07:53:51.657077+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:09:20.874141+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:37:52.257136+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:23:53.373013+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T22:15:15.956974+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.0.0
2025-04-07T16:14:43.147983+00:00	Debian Oval Importer	Fixing	VCID-bv5h-ayrs-aaan	None	36.0.0
2025-04-07T15:54:39.497883+00:00	Debian Oval Importer	Fixing	VCID-gkq6-68mx-aaak	None	36.0.0
2025-04-07T13:22:28.080599+00:00	Debian Oval Importer	Fixing	VCID-4u1u-zxbs-aaag	None	36.0.0
2025-04-07T12:33:21.794978+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.0.0
2025-04-06T19:22:40.436119+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	36.0.0
2025-04-06T10:24:59.216965+00:00	Debian Importer	Fixing	VCID-gkq6-68mx-aaak	None	36.0.0
2025-04-04T01:56:21.889356+00:00	Debian Importer	Fixing	VCID-m3q4-wftu-aaaa	None	36.0.0
2025-02-19T06:50:45.150722+00:00	Debian Importer	Fixing	VCID-m3q4-wftu-aaaa	None	35.1.0
2025-02-19T04:35:12.252951+00:00	Debian Importer	Fixing	VCID-gkq6-68mx-aaak	None	35.1.0
2025-02-19T00:22:38.453862+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	35.1.0
2024-11-21T22:00:44.880999+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	35.0.0
2024-11-19T21:07:02.657867+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	34.3.2
2024-10-08T22:16:03.474935+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	34.0.2
2024-09-18T10:34:30.710144+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	34.0.1
2024-04-24T14:34:46.840782+00:00	Debian Importer	Fixing	VCID-m3q4-wftu-aaaa	None	34.0.0rc4
2024-04-24T13:36:22.696745+00:00	Debian Importer	Fixing	VCID-gkq6-68mx-aaak	None	34.0.0rc4
2024-04-24T12:02:14.738116+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	34.0.0rc4
2024-01-10T17:16:12.892450+00:00	Debian Importer	Fixing	VCID-m3q4-wftu-aaaa	None	34.0.0rc2
2024-01-10T16:13:54.187394+00:00	Debian Importer	Fixing	VCID-gkq6-68mx-aaak	None	34.0.0rc2
2024-01-10T13:54:21.449085+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	34.0.0rc2
2024-01-04T06:56:12.351195+00:00	Debian Importer	Fixing	VCID-m3q4-wftu-aaaa	None	34.0.0rc1
2024-01-04T06:10:07.062417+00:00	Debian Importer	Fixing	VCID-gkq6-68mx-aaak	None	34.0.0rc1
2024-01-04T05:05:18.989182+00:00	Debian Importer	Fixing	VCID-bv5h-ayrs-aaan	None	34.0.0rc1

Next non-vulnerable version	2.2.40-1.1+deb12u1
Latest non-vulnerable version	2.4.7-17
Risk	3.4