DEBIAN-CVE-2019-6690

DEBIAN-CVE-2019-6690 PUBLISHED CVSS 7.5 HIGH

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:12	python-gnupg	0, 0, 0
Debian:14	python-gnupg	0, 0, 0
Debian:11	python-gnupg	0, 0, 0
Debian:13	python-gnupg	0, 0, 0

Timeline

Mar 21, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-6690 advisory

Open in Interactive Console →