CVE-2022-34903

Description

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Risk Information

Base Score: 6.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score (Exploitation Probability): 2.397

Associated Vulnerability

Vulnerability | OS Platform
CVE-2022-34903 affects GnuPG for Windows 2.3.6 | Windows
gnupg2 security update (DSA-5174-1) gnupg2_2.2.12-1+deb10u2_all.deb | Linux
gnupg2 security update (DSA-5174-1) gnupg2_2.2.27-2+deb11u2_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.4-1ubuntu1.6_i386.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.4-1ubuntu1.6_amd64.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.19-3ubuntu2.2_i386.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.19-3ubuntu2.2_amd64.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.20-1ubuntu4.1_i386.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.20-1ubuntu4.1_amd64.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.27-3ubuntu2.1_i386.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gpg_2.2.27-3ubuntu2.1_amd64.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg_2.2.4-1ubuntu1.6_i386.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg_2.2.4-1ubuntu1.6_amd64.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg_2.2.19-3ubuntu2.2_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg_2.2.20-1ubuntu4.1_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg_2.2.27-3ubuntu2.1_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg2_2.2.4-1ubuntu1.6_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg2_2.2.19-3ubuntu2.2_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg2_2.2.20-1ubuntu4.1_all.deb | Linux
GNU privacy guard - a free PGP replacement (USN-5503-1) gnupg2_2.2.27-3ubuntu2.1_all.deb | Linux
SUSE-SU-2022:2529-1 (SUSE Linux Enterprise Server 12-SP5) gpg2-2.0.24-9.11.1.x86_64.rpm | Linux
SUSE-SU-2022:2529-1 (SUSE Linux Enterprise Server 12-SP5) gpg2-debuginfo-2.0.24-9.11.1.x86_64.rpm | Linux
SUSE-SU-2022:2529-1 (SUSE Linux Enterprise Server 12-SP5) gpg2-debugsource-2.0.24-9.11.1.x86_64.rpm | Linux
SUSE-SU-2022:2529-1 (SUSE Linux Enterprise Server 12-SP5) gpg2-lang-2.0.24-9.11.1.noarch.rpm | Linux
Gnupg2 update (ELSA-2022-6463) gnupg2-2.2.20-3.el8_6.x86_64.rpm | Linux
Gnupg2-smime update (ELSA-2022-6463) gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm | Linux
(RHSA-2022:6463) gnupg2 security update gnupg2-2.2.20-3.el8_6.x86_64.rpm | Linux
(RHSA-2022:6463) gnupg2 security update gnupg2-debugsource-2.2.20-3.el8_6.x86_64.rpm | Linux
(RHSA-2022:6463) gnupg2 security update gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm | Linux
Gnupg2 update (ELSA-2022-6602) gnupg2-2.3.3-2.el9_0.x86_64.rpm | Linux
Gnupg2-smime update (ELSA-2022-6602) gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm | Linux
(RHSA-2022:6602) gnupg2 security update gnupg2-2.3.3-2.el9_0.x86_64.rpm | Linux
(RHSA-2022:6602) gnupg2 security update gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm | Linux
(RHSA-2022:6602) gnupg2 security update gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm | Linux
gnupg2 security update (RLSA-2022:6463) gnupg2-2.2.20-3.el8_6.x86_64.rpm | Linux
gnupg2 security update (RLSA-2022:6463) gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm | Linux
gnupg2 security update (RLSA-2022:6602) gnupg2-2.3.3-2.el9_0.x86_64.rpm | Linux
gnupg2 security update (RLSA-2022:6602) gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2022:2546-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) gpg2-2.2.27-150300.3.5.1.x86_64_15_SP3.rpm | Linux
SUSE-SU-2022:2546-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) dirmngr-2.2.27-150300.3.5.1.x86_64_15_SP3.rpm | Linux
SUSE-SU-2022:2546-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) gpg2-lang-2.2.27-150300.3.5.1.noarch_15_SP3.rpm | Linux
(RHSA-2022:6463) Moderate: security update gnupg2-debuginfo-2.2.20-3.el8_6.x86_64.rpm | Linux
(RHSA-2022:6463) Moderate: security update gnupg2-smime-debuginfo-2.2.20-3.el8_6.x86_64.rpm | Linux
gnupg2 Security Update (ALAS-2022-1834) gnupg2-2.0.22-5.amzn2.0.5.x86_64.rpm | Linux
gnupg2 Security Update (ALAS-2022-1834) gnupg2-smime-2.0.22-5.amzn2.0.5.x86_64.rpm | Linux
gnupg2 Security Update (ALAS-2023-087) gnupg2-2.3.7-1.amzn2023.0.3.x86_64.rpm | Linux
gnupg2 Security Update (ALAS-2023-087) gnupg2-smime-2.3.7-1.amzn2023.0.3.x86_64.rpm | Linux
gnupg2 Security Update (ALAS-2023-087) gnupg2-minimal-2.3.7-1.amzn2023.0.3.x86_64.rpm | Linux
Moderate: gnupg2 security update gnupg2-2.2.20-3.el8_6.x86_64.rpm | Linux
Moderate: gnupg2 security update gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm | Linux
gnupg2 Security Update (ALAS2-2022-1834) gnupg2-smime-2.0.22-5.amzn2.0.5.x86_64.rpm | Linux
gnupg2 Security Update (ALAS2023-2023-087) gnupg2-2.3.7-1.amzn2023.0.3.x86_64.rpm | Linux
gnupg2 Security Update (ALAS2023-2023-087) gnupg2-minimal-2.3.7-1.amzn2023.0.3.x86_64.rpm | Linux
gnupg2 Security Update (ALAS2023-2023-087) gnupg2-smime-2.3.7-1.amzn2023.0.3.x86_64.rpm | Linux

