CVE-2018-12020

 

Published at: - 08-06-2018 11:29

Last modified: - 21-01-2023 01:49

Total changes: - 4

Description

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

 

Verification logic

 

Reference

• https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
• https://dev.gnupg.org/T4012
• http://openwall.com/lists/oss-security/2018/06/08/2
• DSA-4224-Third Party Advisory
• DSA-4223-Third Party Advisory
• DSA-4222-Third Party Advisory
• 1041051-Broken Link
• USN-3675-1-Third Party Advisory
• 104450-Broken Link
• USN-3675-2-Third Party Advisory
• USN-3675-3-Third Party Advisory
• RHSA-2018:2181-Third Party Advisory
• RHSA-2018:2180-Third Party Advisory
• https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
• [oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)-Mailing List, Third Party Advisory
• 20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients-Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
• USN-3964-1-Third Party Advisory
• https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
• https://github.com/RUB-NDS/Johnny-You-Are-Fired
• [debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2018-12020

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures