Improper Validation of Certificate with Host Mismatch in gnupg2

Do your applications use this vulnerable package? Test your applications

Overview

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

References

CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
MISC
MISC
MLIST
SUSE
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-13050
CWE: CWE-297
Snyk ID: SNYK-UBUNTU1804-GNUPG2-453470
Disclosed: 29 Jun, 2019
Published: 24 Jul, 2019

Improper Validation of Certificate with Host Mismatch
Affecting gnupg2 package, versions *

Overview

References

CVSS Score

Improper Validation of Certificate with Host Mismatch Affecting gnupg2 package, versions *

Overview

References

Improper Validation of Certificate with Host Mismatch
Affecting gnupg2 package, versions *