Bug 32810 - gnupg2: Denial of service (3.1)
gnupg2: Denial of service (3.1)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P4 normal (vote)
: UCS 3.2
Assigned To: Moritz Muehlenhoff
Janek Walkenhorst
: interim-4
Depends on:
  Show dependency treegraph
Reported: 2013-10-07 06:53 CEST by Moritz Muehlenhoff
Modified: 2016-08-04 16:31 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-10-07 06:53:48 CEST
A parsing error in the code to process PGP keys can lead to an infinite loop, resulting in denial of service (CVE-2013-4402).
Comment 1 Moritz Muehlenhoff univentionstaff 2013-10-07 06:54:40 CEST
The following was reported for gpg (CVE-2013-4351):

RFC 4880 permits OpenPGP keyholders to mark their primary keys and
subkeys with a "key flags" packet that indicates the capabilities of the
key [0].  These are represented as a set of binary flags, including
things like "This key may be used to encrypt communications."

If a key or subkey has this "key flags" subpacket attached with all bits
cleared (off), GnuPG currently treats the key as having all bits set
(on).  While keys with this sort of marker are very rare in the wild,
GnuPG's misinterpretation of this subpacket could lead to a breach of
confidentiality or a mistaken identity verification.
Comment 2 Moritz Muehlenhoff univentionstaff 2013-11-12 13:25:57 CET
This was also fixed/imported as part of the Debian 6.0.8 import in UCS 3.2
Comment 3 Janek Walkenhorst univentionstaff 2013-11-20 15:49:27 CET
(In reply to Moritz Muehlenhoff from comment #2)
> This was also fixed/imported as part of the Debian 6.0.8 import in UCS 3.2