CVE-2003-0971
Description
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
2.339
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in GNU Privacy Guard (x64) 1.0.2 | Windows |
| Multiple Vulnerabilities are affected in GNU Privacy Guard (x64) 1.0.3 | Windows |
| Multiple Vulnerabilities are affected in GNU Privacy Guard (x64) 1.0.3b | Windows |
| Multiple Vulnerabilities are affected in GNU Privacy Guard (x64) 1.2.1 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.0.4 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.0.5 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.0.6 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.0.7 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2003-0978,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.2 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2003-0978,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.2.2 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2003-0978,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.2.2-rc1 | Windows |
| Vulnerabilities CVE-2003-0971,CVE-2003-0978,CVE-2006-0049,CVE-2006-0455 are affected in GNU Privacy Guard (x64) 1.2.3 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
| PATCH-355070 | GNU Privacy Guard (x64) (2.5.16) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234