CVE-2012-6085 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-6085 PUBLISHED CVSS 5.800000190734863 MEDIUM

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

EPSS 2.31% · 84.6th percentile

Risk Scores

CVSS v2.0

5.800000190734863

EPSS Score

2.31%

84.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
gnupg	gnupg	1.4.0, 1.4.2, 1.4.3

Timeline

Jan 24, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=891142 url
https://bugs.g10code.com/gnupg/issue1455 url
57102 vdb
FEDORA-2013-0377 vendor-advisory
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 url
[oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption mailing-list
FEDORA-2013-0148 vendor-advisory
RHSA-2013:1459 vendor-advisory
USN-1682-1 vendor-advisory
MDVSA-2013:001 vendor-advisory
gnupg-public-keys-code-exec(80990) vdb
https://nvd.nist.gov/vuln/detail/CVE-2012-6085 advisory
https://access.redhat.com/errata/RHSA-2013:1458 url
https://access.redhat.com/errata/RHSA-2013:1459 url
https://access.redhat.com/security/cve/CVE-2012-6085 url
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=f0b33b6fb8e0586e9584a7a409dcc31263776a67 url

Open in Interactive Console →