5

CVE-2005-0366

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnupgGnupg Version < 1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.95% 0.854
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://eprint.iacr.org/2005/033
Third Party Advisory
http://eprint.iacr.org/2005/033.pdf
Third Party Advisory
Technical Description
http://securitytracker.com/id?1013166
Third Party Advisory
VDB Entry
http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
Third Party Advisory
http://www.kb.cert.org/vuls/id/303094
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:057
Broken Link
http://www.novell.com/linux/security/advisories/2005_07_sr.html
Broken Link
http://www.osvdb.org/13775
Broken Link
http://www.pgp.com/library/ctocorner/openpgp.html
Broken Link
http://www.securityfocus.com/bid/12529
Third Party Advisory
VDB Entry