VulnerableCode Package Details - pkg:deb/ubuntu/gnupg2@2.2.4-1ubuntu1.3

Search for packages

Package details: pkg:deb/ubuntu/gnupg2@2.2.4-1ubuntu1.3

Essentials
History (0)

purl	pkg:deb/ubuntu/gnupg2@2.2.4-1ubuntu1.3

Next non-vulnerable version	2.2.19-3ubuntu2
Latest non-vulnerable version	2.2.19-3ubuntu2
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-2c8m-9dgp-aaae Aliases: CVE-2019-13050	CVE-2019-13050 GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS	2.2.19-3ubuntu1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-4u1u-zxbs-aaag Aliases: CVE-2018-12020	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	2.2.8-1ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m3q4-wftu-aaaa Aliases: CVE-2019-14855	A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.	2.2.19-3ubuntu2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version