CVE-2022-3219

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3219

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3219.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3219

Related

Published

2023-02-23T20:15:12Z

Modified

2025-03-12T22:47:20.255559Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

References

Affected packages

Debian:11 / gnupg2

Package

Name: gnupg2
Purl: pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.27-2

2.2.27-2+deb11u1

2.2.27-2+deb11u2

2.2.27-3

2.2.34-1

2.2.35-1

2.2.35-2

2.2.35-3

2.2.39-1

2.2.40-1

2.2.40-1+hurd.1

2.2.40-1.1

2.2.40-1.1+hurd.1

2.2.40-1.1+loong64

2.2.40-2

2.2.40-3

2.2.43-1

2.2.43-2

2.2.43-3

2.2.43-4

2.2.43-5

2.2.43-6

2.2.43-7

2.2.43-8

2.2.44-1

2.2.45-1

2.2.45-2

2.2.45-3

2.2.46~pre1-1

2.2.46-1

2.2.46-2

2.2.46-3

2.2.46-4

2.3.1-1

2.4.3-2

2.4.4-1

2.4.4-2

2.4.4-3

2.4.4-4

2.4.5-1

2.4.5-2

2.4.5-3

2.4.6-1

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7-7

2.4.7-8

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / gnupg2

Package

Name: gnupg2
Purl: pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.40-1.1

2.2.40-1.1+hurd.1

2.2.40-1.1+loong64

2.2.40-2

2.2.40-3

2.2.43-1

2.2.43-2

2.2.43-3

2.2.43-4

2.2.43-5

2.2.43-6

2.2.43-7

2.2.43-8

2.2.44-1

2.2.45-1

2.2.45-2

2.2.45-3

2.2.46~pre1-1

2.2.46-1

2.2.46-2

2.2.46-3

2.2.46-4

2.3.1-1

2.4.3-2

2.4.4-1

2.4.4-2

2.4.4-3

2.4.4-4

2.4.5-1

2.4.5-2

2.4.5-3

2.4.6-1

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7-7

2.4.7-8

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / gnupg2

Package

Name: gnupg2
Purl: pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.40-1.1

2.2.40-1.1+hurd.1

2.2.40-1.1+loong64

2.2.40-2

2.2.40-3

2.2.43-1

2.2.43-2

2.2.43-3

2.2.43-4

2.2.43-5

2.2.43-6

2.2.43-7

2.2.43-8

2.2.44-1

2.2.45-1

2.2.45-2

2.2.45-3

2.2.46~pre1-1

2.2.46-1

2.2.46-2

2.2.46-3

2.2.46-4

2.3.1-1

2.4.3-2

2.4.4-1

2.4.4-2

2.4.4-3

2.4.4-4

2.4.5-1

2.4.5-2

2.4.5-3

2.4.6-1

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7-7

2.4.7-8

Ecosystem specific

{
    "urgency": "unimportant"
}