CVE-2022-3219
ADVISORY - debian
Summary
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
- gnupg2 (unimportant)
  - https://bugzilla.redhat.com/show_bug.cgi?id=2127010
  - https://dev.gnupg.org/D556
  - https://dev.gnupg.org/T5993
  - https://www.openwall.com/lists/oss-security/2022/07/04/8
  - GnuPG upstream is not implementing this change.
EPSS Score: 0.00012 (0.012)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Out-of-bounds Write
ADVISORY - redhat
Out-of-bounds Write
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2022-3219
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A low

Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/gnupg2 | deb | debian | 12 | >=2.2.40-1.1 | Not yet available |
debian/gnupg2 | deb | debian | unstable | >=2.4.7-19 | Not yet available |
debian/gnupg2 | deb | debian | 13 | >=2.4.7-17 | Not yet available |
debian/gnupg2 | deb | debian | 11 | >=2.2.27-2+deb11u2 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY ID
CVE-2022-3219
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
3.3 low
Ubuntu
CREATED
UPDATED
ADVISORY ID
CVE-2022-3219
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
3.3 low
Red Hat
CREATED
UPDATED
ADVISORY ID
CVE-2022-3219
EXPLOITABILITY SCORE
2.5
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.2 low
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-qv69-x9jf-vm7x
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-