GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Out-of-bounds Write
Out-of-bounds Write
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/gnupg2 | deb | debian | 12 | >=2.2.40-1.1 | Not yet available |
| debian/gnupg2 | deb | debian | 10 | >=2.2.12-1+deb10u2 | Not yet available |
| debian/gnupg2 | deb | debian | 13 | >=2.2.40-3 | Not yet available |
| debian/gnupg2 | deb | debian | unstable | >=2.2.43-6 | Not yet available |
| debian/gnupg2 | deb | debian | 11 | >=2.2.27-2+deb11u2 | Not yet available |
Severity and metrics
No CVSS data available from this source.
1.8
1.8
2.5
CVE-2022-3219
-
CVE-2022-3219
-