mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
777 B
777 B
CVE-2022-34903
Description
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
POC
Reference
- http://www.openwall.com/lists/oss-security/2022/07/02/1
- https://www.openwall.com/lists/oss-security/2022/06/30/1