What is the severity of CVE-2018-9234?

The severity of CVE-2018-9234 is high with a severity value of 7.5.

How does CVE-2018-9234 affect GnuPG?

CVE-2018-9234 affects GnuPG versions 2.2.4 and 2.2.5.

What is the recommended remedy for CVE-2018-9234?

The recommended remedy for CVE-2018-9234 is to update GnuPG to version 2.2.6 or higher.

Are there any known exploits or references for CVE-2018-9234?

Yes, you can find more information about CVE-2018-9234 and known exploits or references at the following links: [link1], [link2], [link3].

What is the CWE category for CVE-2018-9234?

The CWE category for CVE-2018-9234 is CWE-320.

Vulnerability/
CVE-2018-9234

high

7.5

CWE

320

4/4/2018

5/8/2024

CVE-2018-9234

First published: Wed Apr 04 2018(Updated: )

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Gnupg Gnupg	=2.2.4
Gnupg Gnupg	=2.2.5
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=17.10
Canonical Ubuntu Linux	=18.04
debian/gnupg2		2.2.27-2+deb11u2 2.2.40-1.1 2.2.45-2

Remedy

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-9234?
The severity of CVE-2018-9234 is high with a severity value of 7.5.
How does CVE-2018-9234 affect GnuPG?
CVE-2018-9234 affects GnuPG versions 2.2.4 and 2.2.5.
What is the recommended remedy for CVE-2018-9234?
The recommended remedy for CVE-2018-9234 is to update GnuPG to version 2.2.6 or higher.
Are there any known exploits or references for CVE-2018-9234?
Yes, you can find more information about CVE-2018-9234 and known exploits or references at the following links: [link1], [link2], [link3].
What is the CWE category for CVE-2018-9234?
The CWE category for CVE-2018-9234 is CWE-320.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/weakness
agent/severity
agent/remedy
agent/description
agent/references
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/usn-cve
source/Ubuntu
vendor/gnupg
canonical/gnupg gnupg
version/gnupg gnupg/2.2.4
version/gnupg gnupg/2.2.5
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/17.10
version/canonical ubuntu linux/18.04
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.