VDB

GCVE-110-MAGEIA-2013-299

GCVE-110-MAGEIA-2013-299
Advisory Published
Vulnetix · Advisory published October 9, 2013
Updated gnupg2 package fixes security vulnerabilities: RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key. These are represented as a set of binary flags, including things like "This key may be used to encrypt communications." If a key or subkey has this "key flags" subpacket attached with all bits cleared (off), GnuPG currently treats the key as having all bits set (on). While keys with this sort of marker are very rare in the wild, GnuPG's misinterpretation of this subpacket could lead to a breach of confidentiality or a mistaken identity verification (CVE-2013-4351). Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum (CVE-2013-4402).

Affected Products

VendorProductVersionsPlatforms
Mageiagnupg20 (affected), 2.0.19-3.2.mga3 (unaffected)
Mageiagnupg20 (affected), 2.0.18-1.4.mga2 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›