VDB
GCVE-110-MAGEIA-2013-299
GCVE-110-MAGEIA-2013-299
Advisory Published
Updated gnupg2 package fixes security vulnerabilities:
RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys
with a "key flags" packet that indicates the capabilities of the key. These
are represented as a set of binary flags, including things like "This key may
be used to encrypt communications." If a key or subkey has this "key flags"
subpacket attached with all bits cleared (off), GnuPG currently treats the key
as having all bits set (on). While keys with this sort of marker are very rare
in the wild, GnuPG's misinterpretation of this subpacket could lead to a
breach of confidentiality or a mistaken identity verification (CVE-2013-4351).
Special crafted input data may be used to cause a denial of service against
GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages
ad infinitum (CVE-2013-4402).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | gnupg2 | 0 (affected), 2.0.19-3.2.mga3 (unaffected) | — |
| Mageia | gnupg2 | 0 (affected), 2.0.18-1.4.mga2 (unaffected) | — |
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.