Univention Bugzilla – Bug 32810
gnupg2: Denial of service (3.1)
Last modified: 2016-08-04 16:31:02 CEST
A parsing error in the code to process PGP keys can lead to an infinite loop, resulting in denial of service (CVE-2013-4402).
The following was reported for gpg (CVE-2013-4351):
RFC 4880 permits OpenPGP keyholders to mark their primary keys and
subkeys with a "key flags" packet that indicates the capabilities of the
key . These are represented as a set of binary flags, including
things like "This key may be used to encrypt communications."
If a key or subkey has this "key flags" subpacket attached with all bits
cleared (off), GnuPG currently treats the key as having all bits set
(on). While keys with this sort of marker are very rare in the wild,
GnuPG's misinterpretation of this subpacket could lead to a breach of
confidentiality or a mistaken identity verification.
This was also fixed/imported as part of the Debian 6.0.8 import in UCS 3.2
(In reply to Moritz Muehlenhoff from comment #2)
> This was also fixed/imported as part of the Debian 6.0.8 import in UCS 3.2