Vulnerability Description
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gpgme | <= 1.1.3 |
| Gnupg | Gnupg | <= 1.4.6 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://fedoranews.org/cms/node/2775
- http://fedoranews.org/cms/node/2776
- http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
- http://secunia.com/advisories/24365
- http://secunia.com/advisories/24407
- http://secunia.com/advisories/24419
- http://secunia.com/advisories/24420
- http://secunia.com/advisories/24438
- http://secunia.com/advisories/24489
- http://secunia.com/advisories/24511
- http://secunia.com/advisories/24544
- http://secunia.com/advisories/24650
- http://secunia.com/advisories/24734
FAQ
What is CVE-2007-1263?
CVE-2007-1263 is a vulnerability with a CVSS score of 5.0 (MEDIUM). GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might all...
How severe is CVE-2007-1263?
CVE-2007-1263 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1263?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gpgme, Gnupg Gnupg.