VDB

CVE-2019-6690

CVE-2019-6690 PUBLISHED

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

EPSS 21.43% · 95.8th percentile

Risk Scores

EPSS Score
21.43%
95.8th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSpython-gnupg0.4.7-1, 0.4.8-1, 0
Ubuntu:Pro:14.04:LTSpython-gnupg0, 0.3.5-2, 0.3.6-1
Ubuntu:20.04:LTSpython-gnupg0, 0.4.5-2, 0.4.5-1
Ubuntu:Pro:16.04:LTSpython-gnupg0.3.8-1, 0, 0.3.7-2
Ubuntu:18.04:LTSpython-gnupg0, 0.4.1-1ubuntu1, 0.3.9-1

Exploit Intelligence

…and 19 more exploits

Timeline

  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 29, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Jul 14, 2023 EPSS Score
  • Sep 15, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›