VDB
CVE-2003-0971
CVE-2003-0971
PUBLISHED
CVSS 5 MEDIUM
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
EPSS 2.34% · 85.2th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
2.34%
85.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnu | privacy_guard | 1.2.3, 1.0.2, 1.0.3 |
| n/a | n/a | n/a |
Timeline
- Dec 2, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 3, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- RHSA-2003:395 vendor-advisory
- 20040202-01-U vendor-advisory
- SuSE-SA:2003:048 vendor-advisory
- VU#940388 third-party-advisory
- 10349 third-party-advisory
- 20031127 GnuPG's ElGamal signing keys compromised mailing-list
- DSA-429 vendor-advisory
- http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html url
- 9115 vdb
- http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html url
- RHSA-2003:390 vendor-advisory
- oval:org.mitre.oval:def:10982 vdb
- 10399 third-party-advisory
- 10304 third-party-advisory
- MDKSA-2003:109 vendor-advisory
- CLA-2003:798 vendor-advisory
- 10400 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2003-0971 advisory