Vulnerability Description
gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde-Apps | Kleopatra | 2.0.11 |
| Gpg4Win | Gpg4Win | 2.0.1 |
References
- http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txtExploit
- http://www.securityfocus.com/bid/36781Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53908
- http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txtExploit
- http://www.securityfocus.com/bid/36781Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53908
FAQ
What is CVE-2009-3805?
CVE-2009-3805 is a vulnerability with a CVSS score of 4.3 (MEDIUM). gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.
How severe is CVE-2009-3805?
CVE-2009-3805 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3805?
Check the references section above for vendor advisories and patch information. Affected products include: Kde-Apps Kleopatra, Gpg4Win Gpg4Win.