CyberSec.Space Logo
Back to CVE Browser

CVE-2019-13050

HIGH
7.5
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile24.75th
PublishedJun 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

Affected Platforms (CPE)

πŸ“¦
Gnupg

Gnupg

<= 2.2.16
πŸ“¦
Sks Keyserver Project

Sks Keyserver

<= 1.2.0
πŸ’»
Fedoraproject

Fedora

= 29
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Opensuse

Leap

= 15.1
πŸ“¦
F5

Traffix Signaling Delivery Controller

>= 5.0.0 and <= 5.1.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html
πŸ”— https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
πŸ”— https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
πŸ”— https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
πŸ”— https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/
πŸ”— https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html

Related Vulnerabilities

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2003-025510.0

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns ...

CVE-2018-123569.8

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routi...

CVE-2008-15309.3

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c...