VDB
CVE-2019-13050
CVE-2019-13050
PUBLISHED
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
EPSS 0.55% · 68.5th percentile
Risk Scores
EPSS Score
0.55%
68.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | gnupg2 | 2.1.15-1ubuntu8, 2.2.4-1ubuntu1, 2.2.4-1ubuntu1.3 |
| Ubuntu:20.04:LTS | sks | 1.1.6-14, 0 |
| Ubuntu:Pro:14.04:LTS | gnupg | 1.4.16-1ubuntu1, 1.4.16-1ubuntu2, 1.4.16-1ubuntu2.1 |
| Ubuntu:Pro:16.04:LTS | gnupg2 | 0, 2.0.28-3ubuntu1, 2.0.28-3ubuntu2 |
| Ubuntu:16.04:LTS | sks | 1.1.5-4build1, 1.1.5-4, 0 |
| Ubuntu:Pro:16.04:LTS | gnupg | 1.4.18-7ubuntu1, 0, 1.4.20-1ubuntu3 |
| Ubuntu:18.04:LTS | sks | 0, 1.1.6-14, 1.1.6-13 |
Exploit Intelligence
Timeline
- Jun 29, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-13050 third-party-advisory
- https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f third-party-advisory
- https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html third-party-advisory
- https://tech.michaelaltfield.net/2019/07/14/mitigating-poisoned-pgp-certificates/ third-party-advisory
- https://ubuntu.com/security/notices/USN-5431-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-13050 third-party-advisory