Homepage
About Snyk

Improper Verification of Cryptographic Signature The advisory has been revoked - it doesn't affect any version of package gpgme Open this link in a new tab

    Threat Intelligence

    EPSS 0.42% (75th percentile)
Expand this section
NVD
6.5 medium
Expand this section
SUSE
6.8 medium
Expand this section
Red Hat
5.9 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-CENTOS8-GPGME-2946022
  • published 8 Jul 2022
  • disclosed 30 Jun 2022
Report a new vulnerability Found a mistake?

Introduced: 30 Jun 2022

CVE-2022-34903 Open this link in a new tab
CWE-347 Open this link in a new tab

Amendment

The Centos security team deemed this advisory irrelevant for Centos:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gpgme package and not the gpgme package as distributed by Centos.

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

References