← back
CVE-2006-0049

CVE-2006-0049

EPSS 2.4%
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-Uhttp://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.htmlhttp://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.htmlhttp://secunia.com/advisories/19173http://secunia.com/advisories/19197http://secunia.com/advisories/19203http://secunia.com/advisories/19231http://secunia.com/advisories/19232http://secunia.com/advisories/19234http://secunia.com/advisories/19244http://secunia.com/advisories/19249http://secunia.com/advisories/19287