VDB

ALPINE-CVE-2022-34903

ALPINE-CVE-2022-34903 PUBLISHED CVSS 6.5 MEDIUM

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products

VendorProductVersions
Alpine:v3.13gnupg2.2.12-r0, 0, 2.2.9-r1
Alpine:v3.14gnupg2.2.9-r1, 2.1.10-r0, 0
Alpine:v3.22gnupg2.2.27-r0, 0, 2.2.9-r1
Alpine:v3.21gnupg0, 2.2.20-r0, 2.2.2-r0
Alpine:v3.18gnupg2.0.16-r1, 0, 2.1.5-r1
Alpine:v3.15gnupg2.1.17-r0, 2.1.18-r0, 2.1.19-r0
Alpine:v3.17gnupg2.1.18-r0, 2.1.2-r1, 2.1.20-r0
Alpine:v3.23gnupg0, 2.0.10-r0, 2.0.10-r1
Alpine:v3.16gnupg2.1.20-r0, 2.2.9-r1, 2.2.9-r0
Alpine:v3.24gnupg0
Alpine:v3.19gnupg2.2.35-r2, 0, 2.2.9-r1
Alpine:v3.20gnupg0, 0, 2.2.9-r1

Timeline

  • Jul 1, 2022 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›