Use of a Broken or Risky Cryptographic Algorithm in gnupg

Do your applications use this vulnerable package? Test your applications

Overview

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

References

ADVISORY
Debian Security Tracker
MISC
MISC
MISC
RedHat Bugzilla Bug
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

CVE: CVE-2019-14855
CWE: CWE-327
Snyk ID: SNYK-UBUNTU1604-GNUPG-541637
Disclosed: 20 Mar, 2020
Published: 25 Nov, 2019

Use of a Broken or Risky Cryptographic Algorithm
Affecting gnupg package, versions *

Overview

References

CVSS Score

Use of a Broken or Risky Cryptographic Algorithm Affecting gnupg package, versions *

Overview

References

Use of a Broken or Risky Cryptographic Algorithm
Affecting gnupg package, versions *