CVE-2019-13050 Information

Feb 14, 2021 cve

Description

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network and GnuPG through 2.2.16 makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service because of a Certificate Spamming Attack.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/ https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html https://support.f5.com/csp/article/K08654551 https://support.f5.com/csp/article/K08654551?utm_source=f5support&utm_medium=RSS https://twitter.com/lambdafu/status/1147162583969009664

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: