CVE-2012-6085
gnupg - missing input sanitation
EPSS 2.3%
Description
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
How to fix CVE-2012-6085
To remediate CVE-2012-6085, upgrade the affected package to a fixed version below.
- Debian/gnupg—upgrade to 1.4.10-4+squeeze1 or later
- Debian/gnupg2—upgrade to 2.0.19-2 or later
- Debian/gnupg2—upgrade to 2.0.14-2+squeeze1 or later
Is CVE-2012-6085 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.4.10-4+squeeze1
- from 0, < 2.0.19-2
- from 0, < 2.0.14-2+squeeze1