CVE-2003-0971

Published Dec 15, 2003

Last updated 7 years ago

Overview

Description: GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3D51820-D735-44FC-95BB-A473FFDE9D35"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5FB2C28-0E4D-4AE3-A2CC-0197FE578074"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F2224AF-EA7B-4A3D-8B23-7FC59D66E611"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A2B3B44-941E-4007-B58A-16E85B87CB33"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7"
          },
          {
            "criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References