返回 CVE 瀏覽器

CVE-2019-13050

HIGH

7.5

CVSS Severity Score

EPSS Score0.0510%

EPSS Percentile24.75th

Published2019年6月29日

Last Modified2024年11月21日

Vulnerability Description

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

Affected Platforms (CPE)

📦

Gnupg

Gnupg

<= 2.2.16

📦

Sks Keyserver Project

Sks Keyserver

<= 1.2.0

💻

Fedoraproject

Fedora

= 29

💻

Fedoraproject

Fedora

= 30

💻

Opensuse

Leap

= 15.0

💻

Opensuse

Leap

= 15.1

📦

F5

Traffix Signaling Delivery Controller

>= 5.0.0 and <= 5.1.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html

🔗 https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

🔗 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

🔗 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

🔗 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/

🔗 https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html

相關漏洞威脅

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2003-025510.0

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns ...

CVE-2018-123569.8

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routi...

CVE-2008-15309.3

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c...