What is the severity of REDHAT-BUG-2127010?

The severity of REDHAT-BUG-2127010 is not explicitly defined but may cause performance issues due to GnuPG spinning on crafted inputs.

How do I fix REDHAT-BUG-2127010?

To fix REDHAT-BUG-2127010, apply the proposed patches provided by the vulnerability reporter.

What impact does REDHAT-BUG-2127010 have on GnuPG functionality?

REDHAT-BUG-2127010 can lead to significant performance degradation when processing specially crafted public keys.

Is there a workaround for REDHAT-BUG-2127010?

Currently, there is no official workaround for REDHAT-BUG-2127010.

What versions of GnuPG are affected by REDHAT-BUG-2127010?

REDHAT-BUG-2127010 affects GnuPG software, but specific version details are not provided in the report.

Vulnerability/
REDHAT-BUG-2127010

low

15/9/2022

7/7/2023

REDHAT-BUG-2127010

First published: Thu Sep 15 2022(Updated: )

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB; see $URL and the surrounding email threads for more details and test-cases. The reporter has some proposed patches at <a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a> (and in oss-security / gnupg-devel threads); mostly these flag/reject compressed packets and indeterminate-length packets in contexts where they make no sense and arguably are not within the spec (certificates, keys, detached signatures).

Affected Software	Affected Version	How to fix
Debian GnuPG

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2127010?
The severity of REDHAT-BUG-2127010 is not explicitly defined but may cause performance issues due to GnuPG spinning on crafted inputs.
How do I fix REDHAT-BUG-2127010?
To fix REDHAT-BUG-2127010, apply the proposed patches provided by the vulnerability reporter.
What impact does REDHAT-BUG-2127010 have on GnuPG functionality?
REDHAT-BUG-2127010 can lead to significant performance degradation when processing specially crafted public keys.
Is there a workaround for REDHAT-BUG-2127010?
Currently, there is no official workaround for REDHAT-BUG-2127010.
What versions of GnuPG are affected by REDHAT-BUG-2127010?
REDHAT-BUG-2127010 affects GnuPG software, but specific version details are not provided in the report.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-3219
agent/severity
agent/description
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gnupg
canonical/debian gnupg

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.