CVE-2022-34903

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-34903
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34903.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-34903
Related
Published
2022-07-01T22:15:08Z
Modified
2024-09-11T04:53:48.282368Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

References

Affected packages

Alpine:v3.13 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.31-r1

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.31-r0

Alpine:v3.14 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.31-r1

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.31-r0

Alpine:v3.15 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.31-r2

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.28-r0
2.2.29-r0
2.2.29-r1
2.2.29-r2
2.2.29-r3
2.2.29-r4
2.2.29-r5
2.2.31-r0
2.2.31-r1

Alpine:v3.16 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-r4

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.28-r0
2.2.29-r0
2.2.29-r1
2.2.29-r2
2.2.29-r3
2.2.29-r4
2.2.29-r5
2.2.31-r0
2.2.31-r1
2.2.33-r0
2.2.34-r0
2.2.35-r0
2.2.35-r1
2.2.35-r2
2.2.35-r3

Alpine:v3.17 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-r4

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.28-r0
2.2.29-r0
2.2.29-r1
2.2.29-r2
2.2.29-r3
2.2.29-r4
2.2.29-r5
2.2.31-r0
2.2.31-r1
2.2.33-r0
2.2.34-r0
2.2.35-r0
2.2.35-r1
2.2.35-r2
2.2.35-r3

Alpine:v3.18 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-r4

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.28-r0
2.2.29-r0
2.2.29-r1
2.2.29-r2
2.2.29-r3
2.2.29-r4
2.2.29-r5
2.2.31-r0
2.2.31-r1
2.2.33-r0
2.2.34-r0
2.2.35-r0
2.2.35-r1
2.2.35-r2
2.2.35-r3

Alpine:v3.19 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-r4

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.28-r0
2.2.29-r0
2.2.29-r1
2.2.29-r2
2.2.29-r3
2.2.29-r4
2.2.29-r5
2.2.31-r0
2.2.31-r1
2.2.33-r0
2.2.34-r0
2.2.35-r0
2.2.35-r1
2.2.35-r2
2.2.35-r3

Alpine:v3.20 / gnupg

Package

Name
gnupg
Purl
pkg:apk/alpine/gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-r4

Affected versions

2.*

2.0.10-r0
2.0.10-r1
2.0.15-r0
2.0.16-r0
2.0.16-r1
2.0.16-r2
2.0.17-r0
2.0.18-r0
2.0.19-r0
2.0.20-r0
2.0.21-r0
2.0.22-r0
2.0.22-r1
2.1.0_beta751-r1
2.1.0_beta783-r1
2.1.0_beta895-r1
2.1.0-r1
2.1.1-r1
2.1.2-r1
2.1.3-r1
2.1.4-r1
2.1.5-r1
2.1.6-r1
2.1.7-r1
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.11-r0
2.1.12-r0
2.1.13-r0
2.1.14-r0
2.1.15-r0
2.1.16-r0
2.1.17-r0
2.1.18-r0
2.1.19-r0
2.1.20-r0
2.1.21-r0
2.1.22-r0
2.1.23-r0
2.1.23-r1
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.5-r0
2.2.6-r0
2.2.6-r2
2.2.6-r3
2.2.7-r0
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.12-r0
2.2.13-r0
2.2.14-r0
2.2.15-r0
2.2.16-r0
2.2.17-r0
2.2.18-r0
2.2.19-r0
2.2.19-r1
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.23-r0
2.2.24-r0
2.2.25-r0
2.2.26-r0
2.2.27-r0
2.2.28-r0
2.2.29-r0
2.2.29-r1
2.2.29-r2
2.2.29-r3
2.2.29-r4
2.2.29-r5
2.2.31-r0
2.2.31-r1
2.2.33-r0
2.2.34-r0
2.2.35-r0
2.2.35-r1
2.2.35-r2
2.2.35-r3

Debian:11 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.27-2+deb11u2

Affected versions

2.*

2.2.27-2
2.2.27-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.35-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}