Product:

Gpg4win

(Gpg4win)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2023-01-12 CVE-2022-3515 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. Gnupg, Libksba, Vs\-Desktop, Gpg4win 9.8
2020-09-03 CVE-2020-25125 GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. Gnupg, Gpg4win N/A
2009-10-27 CVE-2009-3805 gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. Gpg4win N/A
2006-12-07 CVE-2006-6235 A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Privacy_guard, Gpg4win, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux_advanced_workstation, Linux, Slackware_linux, Ubuntu_linux N/A