Vulnerability Details : CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
Exploit prediction scoring system (EPSS) score for CVE-2001-0522
Probability of exploitation activity in the next 30 days: 1.81%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0522
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2001-0522
-
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
Patch;Vendor Advisory
-
http://www.debian.org/security/2001/dsa-061
-
http://www.securityfocus.com/bid/2797
-
http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
-
http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
-
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/6642
-
http://www.kb.cert.org/vuls/id/403051
US Government Resource
-
http://www.redhat.com/support/errata/RHSA-2001-073.html
-
http://www.gnupg.org/whatsnew.html#rn20010529
-
http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
-
http://online.securityfocus.com/archive/1/188218
Products affected by CVE-2001-0522
- cpe:2.3:a:gnu:privacy_guard:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:8.0:*:*:*:*:*:*:*