CVE-2003-0255
First published: Wed May 07 2003(Updated: )
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GnuPG | <=1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2003-175.html
- http://www.redhat.com/support/errata/RHSA-2003-176.html
- http://www.kb.cert.org/vuls/id/397604
- http://www.securityfocus.com/bid/7497
- http://www.osvdb.org/4947
- http://www.turbolinux.com/security/TLSA-2003-34.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
- http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
- http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
- http://marc.info/?l=bugtraq&m=105301357425157&w=2
- http://marc.info/?l=bugtraq&m=105311804129104&w=2
- http://marc.info/?l=bugtraq&m=105215110111174&w=2
- http://marc.info/?l=bugtraq&m=105362224514081&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11930
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135
Frequently Asked Questions
What is the severity of CVE-2003-0255?
CVE-2003-0255 has a medium severity rating due to improper key validation in GnuPG.
How do I fix CVE-2003-0255?
To fix CVE-2003-0255, upgrade GnuPG to version 1.2.2 or later.
Who is affected by CVE-2003-0255?
Users of GnuPG versions prior to 1.2.2 are affected by CVE-2003-0255.
What vulnerabilities does CVE-2003-0255 introduce?
CVE-2003-0255 introduces the risk of encrypting data without a trusted user ID, potentially compromising security.
Is a workaround available for CVE-2003-0255?
There is no recommended workaround for CVE-2003-0255; the best approach is to upgrade to a secure version.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/gnu
- product/privacy guard
- canonical/gnu privacy guard
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/gnupg
- version/gnupg/1.2.1