CVE-2020-24972
PUBLISHED
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
EPSS 21.34% · 95.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | kleopatra | 4:25.04.2-0ubuntu1, 4:25.04.3-0ubuntu1, 4:25.07.80-0ubuntu1 |
| Ubuntu:18.04:LTS | kleopatra | 0, 4:17.04.3-0ubuntu1, 4:17.12.2-0ubuntu2 |
| Ubuntu:24.04:LTS | kleopatra | 4:23.08.5-0ubuntu1, 0, 4:23.08.2-0ubuntu1 |
| Ubuntu:22.04:LTS | kleopatra | 4:21.12.3-0ubuntu1, 4:21.11.90-0ubuntu1, 4:21.12.0-0ubuntu1 |
| Ubuntu:20.04:LTS | kleopatra | 4:19.04.3-0ubuntu1, 4:19.04.3-0ubuntu2, 4:19.12.3-0ubuntu1 |
Exploit Intelligence
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc-repo)
- PoC for CVE-2020-24972 (github-poc)
- PoC for CVE-2020-24972 (github-poc)
- PoC for CVE-2020-24972 (github-poc)
…and 9 more exploits
Timeline
- Aug 29, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-24972 third-party-advisory
- https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b third-party-advisory
- https://dev.gnupg.org/source/kleo/browse/master/CMakeLists.txt third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-24972 third-party-advisory