CVE-2003-0255

Published May 27, 2003

Last updated 7 years ago

Overview

Description: The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "377F09FD-8BC6-45D2-8712-2180DBEA3F84",
            "versionEndIncluding": "1.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References