What is the severity of CVE-2006-0455?

CVE-2006-0455 is considered a medium severity vulnerability due to its potential to mislead programs into assuming a successful signature verification.

How do I fix CVE-2006-0455?

To fix CVE-2006-0455, upgrade to GnuPG version 1.4.2.1 or later, where this issue has been resolved.

What software is affected by CVE-2006-0455?

CVE-2006-0455 affects GnuPG versions prior to 1.4.2.1, specifically versions 1.0 to 1.4.1.

How does CVE-2006-0455 impact digital signature verification?

CVE-2006-0455 can cause gpgv to return a success exit code even when a detached signature file lacks a valid signature, leading to false confidence in security.

Are there workaround solutions for CVE-2006-0455?

While upgrading GnuPG is the best solution for CVE-2006-0455, using additional verification processes outside of gpgv could serve as a temporary workaround.

Vulnerability/
CVE-2006-0455

medium

4.6

CWE

NVD-CWE-Other

15/2/2006

7/8/2024

CVE-2006-0455

First published: Wed Feb 15 2006(Updated: )

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.1
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.2
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.3
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.3b
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.4
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.5
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.6
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.0.7
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.1
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.2
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.2-rc1
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.3
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.4
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.5
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.6
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.2.7
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.3.3
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.3.4
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.4
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.4.1
GnuPGME (Gnu Privacy Guard Message Envelopes)	=1.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0455?
CVE-2006-0455 is considered a medium severity vulnerability due to its potential to mislead programs into assuming a successful signature verification.
How do I fix CVE-2006-0455?
To fix CVE-2006-0455, upgrade to GnuPG version 1.4.2.1 or later, where this issue has been resolved.
What software is affected by CVE-2006-0455?
CVE-2006-0455 affects GnuPG versions prior to 1.4.2.1, specifically versions 1.0 to 1.4.1.
How does CVE-2006-0455 impact digital signature verification?
CVE-2006-0455 can cause gpgv to return a success exit code even when a detached signature file lacks a valid signature, leading to false confidence in security.
Are there workaround solutions for CVE-2006-0455?
While upgrading GnuPG is the best solution for CVE-2006-0455, using additional verification processes outside of gpgv could serve as a temporary workaround.

agent/author
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-api
agent/softwarecombine
vendor/gnu
canonical/gnupgme (gnu privacy guard message envelopes)
version/gnupgme (gnu privacy guard message envelopes)/1.0
version/gnupgme (gnu privacy guard message envelopes)/1.0.1
version/gnupgme (gnu privacy guard message envelopes)/1.0.2
version/gnupgme (gnu privacy guard message envelopes)/1.0.3
version/gnupgme (gnu privacy guard message envelopes)/1.0.3b
version/gnupgme (gnu privacy guard message envelopes)/1.0.4
version/gnupgme (gnu privacy guard message envelopes)/1.0.5
version/gnupgme (gnu privacy guard message envelopes)/1.0.6
version/gnupgme (gnu privacy guard message envelopes)/1.0.7
version/gnupgme (gnu privacy guard message envelopes)/1.2
version/gnupgme (gnu privacy guard message envelopes)/1.2.1
version/gnupgme (gnu privacy guard message envelopes)/1.2.2
version/gnupgme (gnu privacy guard message envelopes)/1.2.2-rc1
version/gnupgme (gnu privacy guard message envelopes)/1.2.3
version/gnupgme (gnu privacy guard message envelopes)/1.2.4
version/gnupgme (gnu privacy guard message envelopes)/1.2.5
version/gnupgme (gnu privacy guard message envelopes)/1.2.6
version/gnupgme (gnu privacy guard message envelopes)/1.2.7
version/gnupgme (gnu privacy guard message envelopes)/1.3.3
version/gnupgme (gnu privacy guard message envelopes)/1.3.4
version/gnupgme (gnu privacy guard message envelopes)/1.4
version/gnupgme (gnu privacy guard message envelopes)/1.4.1
version/gnupgme (gnu privacy guard message envelopes)/1.4.2

CVE-2006-0455

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0455?

How do I fix CVE-2006-0455?

What software is affected by CVE-2006-0455?

How does CVE-2006-0455 impact digital signature verification?

Are there workaround solutions for CVE-2006-0455?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-0455?

How do I fix CVE-2006-0455?

What software is affected by CVE-2006-0455?

How does CVE-2006-0455 impact digital signature verification?

Are there workaround solutions for CVE-2006-0455?