CVE 2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
Related bugs and status
CVE-2015-1607 (Candidate) is related to these bugs:
Bug #1409117: GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM
Bug #1421640: "gpg2 --refresh-keys" results in "rejected by import filter"
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1421640 | "gpg2 --refresh-keys" results in "rejected by import filter" | gnupg2 (Ubuntu) | Undecided | Fix Released | ||
1421640 | "gpg2 --refresh-keys" results in "rejected by import filter" | gnupg2 (Ubuntu Vivid) | Undecided | Fix Released | ||
1421640 | "gpg2 --refresh-keys" results in "rejected by import filter" | gnupg2 (Ubuntu Utopic) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.