Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-6085

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Related bugs and status

CVE-2012-6085 (Candidate) is related to these bugs:

Bug #1097188: gnupg key import memory corruption

Summary				In	Importance	Status
	1097188	gnupg key import memory corruption		gnupg (Ubuntu)	Undecided	Fix Released
	1097188	gnupg key import memory corruption		gnupg2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: http://www.securityfoc...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://www.openwall.co...
MISC: https://exchange.xforc...
MISC: http://git.gnupg.org/c...
MISC: https://bugs.g10code.c...