CVE-2005-0366

EPSS 7.68%
Published 02.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Gnupg ≫ Gnupg Version < 1.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.68%	0.91

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://eprint.iacr.org/2005/033

Third Party Advisory

http://eprint.iacr.org/2005/033.pdf

Third Party Advisory

Technical Description

http://securitytracker.com/id?1013166

Third Party Advisory

VDB Entry

http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml

Third Party Advisory

http://www.kb.cert.org/vuls/id/303094

Third Party Advisory