CVE-2001-0522

critical

Description

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6642

http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html

http://www.securityfocus.com/bid/2797

http://www.redhat.com/support/errata/RHSA-2001-073.html

http://www.osvdb.org/1845

http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3

http://www.kb.cert.org/vuls/id/403051

http://www.gnupg.org/whatsnew.html#rn20010529

http://www.debian.org/security/2001/dsa-061

http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt

http://online.securityfocus.com/archive/1/188218

http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399

Details

Source: Mitre, NVD

Published: 2001-08-14

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.14019

Detections

Analytics