CVE 2015-1606
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
Related bugs and status
CVE-2015-1606 (Candidate) is related to these bugs:
Bug #1409117: GPG does not verify keys received when using --recv-keys leaving communication with key servers vulnerable to MITM
Bug #1421640: "gpg2 --refresh-keys" results in "rejected by import filter"
Bug | Summary | In | Importance | Status
---|---|---|---|---
1421640 | "gpg2 --refresh-keys" results in "rejected by import filter" | gnupg2 (Ubuntu) | Undecided | Fix Released
1421640 | "gpg2 --refresh-keys" results in "rejected by import filter" | gnupg2 (Ubuntu Vivid) | Undecided | Fix Released
1421640 | "gpg2 --refresh-keys" results in "rejected by import filter" | gnupg2 (Ubuntu Utopic) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.