Updated: 2025-12-01 03:47:25.418828
Description:
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | LOW | 3.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | gnupg2 | 2.3.3 | 3.3 | LOW | Ignored | 2023-12-01 03:18:54 | This is a local, denial‑of‑service condition that only causes GnuPG to consume CPU while parsing... | |
| CentOS 6 ELS | gnupg2 | 2.0.14 | 3.3 | LOW | Ignored | 2023-12-01 03:18:52 | Ignored due to low severity | |
| CentOS 7 ELS | gnupg2 | 2.0.22 | 3.3 | LOW | Ignored | 2023-12-01 03:18:54 | Ignored due to low severity | |
| CentOS 8.4 ELS | gnupg2 | 2.2.20 | 3.3 | LOW | Ignored | 2023-12-01 03:18:54 | Ignored due to low severity | |
| CentOS 8.5 ELS | gnupg2 | 2.2.20 | 3.3 | LOW | Ignored | 2023-12-01 03:18:51 | Ignored due to low severity | |
| CloudLinux 6 ELS | gnupg2 | 2.0.14 | 3.3 | LOW | Ignored | 2023-12-01 03:18:52 | Ignored due to low severity | |
| Debian 10 ELS | gnupg2 | 2.2.12 | 3.3 | LOW | Ignored | 2025-10-11 00:22:35 | Ignored due to low severity | |
| Oracle Linux 6 ELS | gnupg2 | 2.0.14 | 3.3 | LOW | Ignored | 2023-12-01 03:18:54 | Ignored due to low severity | |
| Ubuntu 16.04 ELS | gnupg | 1.4.20 | 3.3 | LOW | Ignored | 2023-12-01 03:18:55 | Ignored due to low severity | |
| Ubuntu 16.04 ELS | gnupg2 | 2.1.11-6 | 3.3 | LOW | Ignored | 2023-12-01 03:18:51 | Ignored due to low severity |