CVE-2018-12020

by Fred · 08/06/2018

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "–status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

Date published : 2018-06-08

http://www.securityfocus.com/bid/104450

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

CVE-2018-12020

Similar

Recent Posts

Categories

CVE-2018-12020

Share this:

Similar

Recent Posts

Categories

Tags