Wind River Support Network

HomeDefectsLIN7-9883
Fixed

LIN7-9883 : Security Advisory - gnupg - CVE-2018-12020

Created: Jun 15, 2018    Updated: Oct 26, 2018
Resolved Date: Aug 14, 2018
Found In Version: 7.0.0.28
Fix Version: 7.0.0.29
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

https://nvd.nist.gov/vuln/detail/CVE-2018-12020

Other Downloads


CVEs


Live chat
Online