CVE-2001-0522
First published: Tue Aug 14 2001(Updated: )
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GnuPG | =7.1 | |
| GnuPG | =7.2 | |
| GnuPG | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
- http://www.gnupg.org/whatsnew.html#rn20010529
- http://online.securityfocus.com/archive/1/188218
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
- http://www.debian.org/security/2001/dsa-061
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
- http://www.redhat.com/support/errata/RHSA-2001-073.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
- http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
- http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
- http://www.kb.cert.org/vuls/id/403051
- http://www.securityfocus.com/bid/2797
- http://www.osvdb.org/1845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6642
Frequently Asked Questions
What is the severity of CVE-2001-0522?
CVE-2001-0522 is considered a medium severity vulnerability due to the potential privilege escalation it poses.
How do I fix CVE-2001-0522?
To fix CVE-2001-0522, you should update Gnu Privacy Guard to version 1.06 or later.
What software is affected by CVE-2001-0522?
CVE-2001-0522 affects Gnu Privacy Guard versions 1.05 and earlier.
What type of vulnerability is CVE-2001-0522?
CVE-2001-0522 is a format string vulnerability that could be exploited through manipulated filenames in encrypted files.
What can an attacker gain by exploiting CVE-2001-0522?
An attacker exploiting CVE-2001-0522 can potentially gain elevated privileges on a target system.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/gnu
- product/privacy guard
- canonical/gnu privacy guard
- canonical/gnupg
- version/gnupg/7.1
- version/gnupg/7.2
- version/gnupg/8.0