CVE - CVE-2012-6085

CVE-ID
CVE-2012-6085	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:57102 URL:http://www.securityfocus.com/bid/57102 MISC:FEDORA-2013-0148 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html MISC:FEDORA-2013-0377 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html MISC:MDVSA-2013:001 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:001~~ (Obsolete source) MISC:RHSA-2013:1459 URL:http://rhn.redhat.com/errata/RHSA-2013-1459.html MISC:USN-1682-1 URL:http://www.ubuntu.com/usn/USN-1682-1 MISC:[oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption URL:http://www.openwall.com/lists/oss-security/2013/01/01/6 MISC:gnupg-public-keys-code-exec(80990) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/80990 MISC:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 URL:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 MISC:https://bugs.g10code.com/gnupg/issue1455 URL:https://bugs.g10code.com/gnupg/issue1455 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=891142 URL:https://bugzilla.redhat.com/show_bug.cgi?id=891142
Assigning CNA
Red Hat, Inc.
Date Record Created
20121206	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20121206)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)