VDB

CVE-2003-0255

CVE-2003-0255 PUBLISHED CVSS 10 CRITICAL

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

EPSS 4.21% · 89.0th percentile

Risk Scores

CVSS 2.0
10
EPSS Score
4.21%
89.0th percentile

Affected Products

VendorProductVersions
n/an/an/a
gnuprivacy_guard0

Timeline

  • May 7, 2003 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›