Vulnerability Details : CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

Vulnerability category: Input validationDenial of service

Published 2019-11-20 19:15:11

Updated 2019-11-22 16:19:31

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-1607

Probability of exploitation activity in the next 30 days: 0.43%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-1607

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-1607

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1607

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392

git.gnupg.org Git - gnupg.git/commit
Mailing List;Patch;Vendor Advisory
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html

Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) | The Fuzzing Project
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2015/02/14/6

oss-security - Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

[Announce] GnuPG 1.4.19 released (with SCA fix)
Mailing List;Release Notes;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/72610

Gnupg2 CVE-2015-1607 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
http://www.ubuntu.com/usn/usn-2554-1/

USN-2554-1: GnuPG vulnerabilities | Ubuntu security notices
Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html

[Announce] GnuPG 2.0.27 "stable" released
Mailing List;Release Notes;Vendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html

[Announce] GnuPG 2.1.2 released
Mailing List;Release Notes;Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/02/13/14

oss-security - Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2015-1607

Gnupg » Gnupg
Versions from including (>=) 2.1.0 and before (<) 2.1.2
cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
Matching versions
Gnupg » Gnupg
Versions before (<) 1.4.19
cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
Matching versions
Gnupg » Gnupg
Versions from including (>=) 2.0 and before (<) 2.0.27
cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Matching versions