CVEブラウザに戻る

CVE-2003-0255

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0580%

EPSS Percentile28.09th

Published2003年5月27日

Last Modified2026年4月16日

Vulnerability Description

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

Affected Platforms (CPE)

📦

Gnu

Privacy Guard

<= 1.2.1

References & Advisories

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694

🔗 http://marc.info/?l=bugtraq&m=105215110111174&w=2

🔗 http://marc.info/?l=bugtraq&m=105301357425157&w=2

🔗 http://marc.info/?l=bugtraq&m=105311804129104&w=2

🔗 http://marc.info/?l=bugtraq&m=105362224514081&w=2

🔗 http://www.kb.cert.org/vuls/id/397604

🔗 http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html

🔗 http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html

関連する脆弱性情報

CVE-2001-05227.5

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via ...

CVE-2001-02732.6

pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via ...

CVE-2003-019610.0

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service...

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...