| purl | pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2 |
| Next non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Latest non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Risk | 1.2 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-mw2w-gzpr-cbcq (Aliases: CVE-2025-30258) | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-m9c4-h91g-sfgu | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | CVE-2019-14855 |
| VCID-r49h-z2st-4kew | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | CVE-2022-34903 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T18:55:10.649740+00:00 | Debian Oval Importer | Fixing | VCID-m9c4-h91g-sfgu | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:52:14.201833+00:00 | Debian Oval Importer | Fixing | VCID-r49h-z2st-4kew | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:22:29.448665+00:00 | Debian Importer | Affected by | VCID-mw2w-gzpr-cbcq | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |