GHSA-QH62-CH95-63WH
PUBLISHED
CVSS 7.5 HIGH
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended. To perform the attack, the adversary must control the passphrase passed to gnupg, and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| csaf_opensuse | python38-python-gnupg-0.4.7-1.2.aarch64 | |
| csaf_opensuse | python312-python-gnupg-0.5.2-1.5.s390x | |
| csaf_opensuse | python310-python-gnupg-0.5.2-1.5.x86_64 | |
| csaf_opensuse | python310-python-gnupg-0.5.2-1.5.aarch64 | |
| csaf_opensuse | python36-python-gnupg-0.4.7-1.2.s390x | |
| csaf_opensuse | python310-python-gnupg-0.5.2-1.5.s390x | |
| csaf_opensuse | python3-python-gnupg-0.4.4-bp150.2.3.1.noarch | |
| csaf_opensuse | python38-python-gnupg-0.4.7-1.2.x86_64 | |
| csaf_opensuse | openSUSE Leap 15.0 | |
| csaf_opensuse | python311-python-gnupg-0.5.2-1.5.x86_64 | |
| csaf_opensuse | python36-python-gnupg-0.4.7-1.2.ppc64le | |
| csaf_opensuse | python2-python-gnupg-0.4.4-bp150.2.3.1.noarch | |
| csaf_opensuse | python311-python-gnupg-0.5.2-1.5.aarch64 | |
| n/a | n/a | |
| csaf_opensuse | python39-python-gnupg-0.4.7-1.2.s390x | |
| csaf_opensuse | python312-python-gnupg-0.5.2-1.5.ppc64le | |
| csaf_opensuse | python3-python-gnupg-0.4.4-lp150.2.6.1.noarch | |
| csaf_opensuse | SUSE Package Hub 15 | |
| csaf_opensuse | python38-python-gnupg-0.4.7-1.2.s390x | |
| csaf_opensuse | python2-python-gnupg-0.4.4-lp150.2.6.1.noarch | |
…and 13 more
Timeline
- CVE Published
- Feb 22, 2026 Security Advisory
- Mar 7, 2026 Distribution Patch
- Mar 7, 2026 Distribution Patch
- Mar 7, 2026 Distribution Patch
- Mar 7, 2026 Security Advisory
- Mar 21, 2026 Distribution Patch
- Mar 21, 2026 Distribution Patch