NVD

Id
32576  
Name
CVE-2014-4617  
Description
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2014-06-25  
Modified Date
2017-01-06  
Seq
2014-4617  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
171601 32576 CVE-2014-4617 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342  View
171602 32576 CVE-2014-4617 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a  View
171603 32576 CVE-2014-4617 [gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released  View
171604 32576 CVE-2014-4617 [gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released  View
171605 32576 CVE-2014-4617 openSUSE-SU-2014:0866  View
171606 32576 CVE-2014-4617 59351  View
171607 32576 CVE-2014-4617 DSA-2968  View
171608 32576 CVE-2014-4617 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14156 JVNDB-2014-003031 GnuPG の g10/compress.c の do_uncompress 関数におけるサービス運用妨害 (DoS) の脆弱性 GnuPG の g10/compress.c の do_uncompress 関数には、サービス運用妨害 (無限ループ) 状態にされる脆弱性が存在します。 CVE-2014-4617 71906 CVE-2014-4617 32576 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003031.html 2014-06-23 2015-06-19 View