CVE-2022-3219 Information

Description

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached compressed down to just a few KB.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://dev.gnupg.org/T5993 https://marc.info/?l=oss-security&m=165696590211434&w=4 https://dev.gnupg.org/D556 https://access.redhat.com/security/cve/CVE-2022-3219