
CVE-2018-12020

Description

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
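
A defensive check for a program that reads a merged stderr and status stream from `--status-fd 2`, given as an added example that is not part of the original advisory or of GnuPG. It assumes the verbose log line has the form `gpg: original file name='...'`; the sample streams and key ID are constructed.

```python
import re

STATUS_PREFIX = "[GNUPG:] "
# Assumed wording of the verbose log line that echoes the embedded filename.
NAME_LOG = re.compile(r"^gpg: original file name='(.*)$")

def audit_fd2(stream):
    """Return (status_lines, tainted) for a merged stderr + status stream.

    tainted is True when an echoed filename runs past its own line, which
    means later "lines" may be sender-controlled text, not gpg status output.
    """
    status, tainted, in_name = [], False, False
    for line in stream.splitlines():
        if in_name:
            # Still inside the quoted filename: never treat this as status.
            in_name = not line.endswith("'")
            continue
        m = NAME_LOG.match(line)
        if m:
            if not m.group(1).endswith("'"):
                tainted, in_name = True, True
            continue
        if line.startswith(STATUS_PREFIX):
            status.append(line[len(STATUS_PREFIX):])
    return status, tainted

def good_signature(stream):
    """Accept a signature only from an untainted stream."""
    status, tainted = audit_fd2(stream)
    return not tainted and any(s.startswith("GOODSIG ") for s in status)

# Constructed samples of what a consumer might read on fd 2.
CLEAN = (
    "gpg: original file name='report.txt'\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Alice (constructed)\n"
)
SPOOFED = (
    "gpg: original file name='x\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Alice (constructed)\n"
    "'\n"
    "[GNUPG:] DECRYPTION_OKAY\n"
)

if __name__ == "__main__":
    print("clean accepted:", good_signature(CLEAN))
    print("spoofed accepted:", good_signature(SPOOFED))
```

This is a heuristic for consumers that must parse a merged stream; the fix named in the description is GnuPG 2.2.8 or later.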

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Jun 8, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Jun 12, 2018

Find out more about CVE-2018-12020 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name | Status | Defect | Fixed | Downloads
Linux 7 SCP | Not Vulnerable | -- | -- | --
Linux 7 CGP | Not Vulnerable | -- | -- | --

Comments

gnupg
