Back to CVE Browser

CVE-2003-0255

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0580%

EPSS Percentile28.09th

PublishedMay 27, 2003

Last ModifiedApr 16, 2026

Vulnerability Description

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

Affected Platforms (CPE)

📦

Gnu

Privacy Guard

<= 1.2.1

References & Advisories

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694

🔗 http://marc.info/?l=bugtraq&m=105215110111174&w=2

🔗 http://marc.info/?l=bugtraq&m=105301357425157&w=2

🔗 http://marc.info/?l=bugtraq&m=105311804129104&w=2

🔗 http://marc.info/?l=bugtraq&m=105362224514081&w=2

🔗 http://www.kb.cert.org/vuls/id/397604

🔗 http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html

🔗 http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html

Related Vulnerabilities

CVE-2001-05227.5

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via ...

CVE-2001-02732.6

pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via ...

CVE-2003-019610.0

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service...

CVE-2003-071510.0

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers...