Vulnerability Details CVE-2005-0366
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://eprint.iacr.org/2005/033
- http://eprint.iacr.org/2005/033.pdf
- http://securitytracker.com/id?1013166
- http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
- http://www.kb.cert.org/vuls/id/303094
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:057
- http://www.novell.com/linux/security/advisories/2005_07_sr.html
- http://www.osvdb.org/13775
- http://www.pgp.com/library/ctocorner/openpgp.html
- http://www.securityfocus.com/bid/12529
- http://eprint.iacr.org/2005/033
- http://eprint.iacr.org/2005/033.pdf
- http://securitytracker.com/id?1013166
- http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
- http://www.kb.cert.org/vuls/id/303094
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:057
- http://www.novell.com/linux/security/advisories/2005_07_sr.html
- http://www.osvdb.org/13775
- http://www.pgp.com/library/ctocorner/openpgp.html
- http://www.securityfocus.com/bid/12529
Products affected by CVE-2005-0366
-
cpe:2.3:a:gnupg:gnupg:-
-
cpe:2.3:a:gnupg:gnupg:0.0.0
-
cpe:2.3:a:gnupg:gnupg:0.1.0
-
cpe:2.3:a:gnupg:gnupg:0.1.1
-
cpe:2.3:a:gnupg:gnupg:0.1.2
-
cpe:2.3:a:gnupg:gnupg:0.1.3
-
cpe:2.3:a:gnupg:gnupg:0.2.0
-
cpe:2.3:a:gnupg:gnupg:0.2.1
-
cpe:2.3:a:gnupg:gnupg:0.2.10
-
cpe:2.3:a:gnupg:gnupg:0.2.11
-
cpe:2.3:a:gnupg:gnupg:0.2.12
-
cpe:2.3:a:gnupg:gnupg:0.2.13
-
cpe:2.3:a:gnupg:gnupg:0.2.14
-
cpe:2.3:a:gnupg:gnupg:0.2.15
-
cpe:2.3:a:gnupg:gnupg:0.2.16
-
cpe:2.3:a:gnupg:gnupg:0.2.17
-
cpe:2.3:a:gnupg:gnupg:0.2.18
-
cpe:2.3:a:gnupg:gnupg:0.2.19
-
cpe:2.3:a:gnupg:gnupg:0.2.2
-
cpe:2.3:a:gnupg:gnupg:0.2.3
-
cpe:2.3:a:gnupg:gnupg:0.2.4
-
cpe:2.3:a:gnupg:gnupg:0.2.5
-
cpe:2.3:a:gnupg:gnupg:0.2.6
-
cpe:2.3:a:gnupg:gnupg:0.2.7
-
cpe:2.3:a:gnupg:gnupg:0.2.8
-
cpe:2.3:a:gnupg:gnupg:0.2.9
-
cpe:2.3:a:gnupg:gnupg:0.3.0
-
cpe:2.3:a:gnupg:gnupg:0.3.1
-
cpe:2.3:a:gnupg:gnupg:0.3.2
-
cpe:2.3:a:gnupg:gnupg:0.3.3
-
cpe:2.3:a:gnupg:gnupg:0.3.4
-
cpe:2.3:a:gnupg:gnupg:0.3.5
-
cpe:2.3:a:gnupg:gnupg:0.4.0
-
cpe:2.3:a:gnupg:gnupg:0.4.1
-
cpe:2.3:a:gnupg:gnupg:0.4.2
-
cpe:2.3:a:gnupg:gnupg:0.4.3
-
cpe:2.3:a:gnupg:gnupg:0.4.4
-
cpe:2.3:a:gnupg:gnupg:0.4.5
-
cpe:2.3:a:gnupg:gnupg:0.9.0
-
cpe:2.3:a:gnupg:gnupg:0.9.1
-
cpe:2.3:a:gnupg:gnupg:0.9.10
-
cpe:2.3:a:gnupg:gnupg:0.9.11
-
cpe:2.3:a:gnupg:gnupg:0.9.2
-
cpe:2.3:a:gnupg:gnupg:0.9.3
-
cpe:2.3:a:gnupg:gnupg:0.9.4
-
cpe:2.3:a:gnupg:gnupg:0.9.5
-
cpe:2.3:a:gnupg:gnupg:0.9.6
-
cpe:2.3:a:gnupg:gnupg:0.9.7
-
cpe:2.3:a:gnupg:gnupg:0.9.8
-
cpe:2.3:a:gnupg:gnupg:0.9.9
-
cpe:2.3:a:gnupg:gnupg:1.0.0
-
cpe:2.3:a:gnupg:gnupg:1.0.1
-
cpe:2.3:a:gnupg:gnupg:1.0.2
-
cpe:2.3:a:gnupg:gnupg:1.0.3
-
cpe:2.3:a:gnupg:gnupg:1.0.4
-
cpe:2.3:a:gnupg:gnupg:1.0.5
-
cpe:2.3:a:gnupg:gnupg:1.0.6
-
cpe:2.3:a:gnupg:gnupg:1.0.7
-
cpe:2.3:a:gnupg:gnupg:1.1.90
-
cpe:2.3:a:gnupg:gnupg:1.1.91
-
cpe:2.3:a:gnupg:gnupg:1.1.92
-
cpe:2.3:a:gnupg:gnupg:1.2.0
-
cpe:2.3:a:gnupg:gnupg:1.2.1
-
cpe:2.3:a:gnupg:gnupg:1.2.2
-
cpe:2.3:a:gnupg:gnupg:1.2.3
-
cpe:2.3:a:gnupg:gnupg:1.2.4
-
cpe:2.3:a:gnupg:gnupg:1.2.5
-
cpe:2.3:a:gnupg:gnupg:1.2.6
-
cpe:2.3:a:gnupg:gnupg:1.2.7
-
cpe:2.3:a:gnupg:gnupg:1.2.8
-
cpe:2.3:a:gnupg:gnupg:1.3.0
-
cpe:2.3:a:gnupg:gnupg:1.3.1
-
cpe:2.3:a:gnupg:gnupg:1.3.2
-
cpe:2.3:a:gnupg:gnupg:1.3.3
-
cpe:2.3:a:gnupg:gnupg:1.3.4
-
cpe:2.3:a:gnupg:gnupg:1.3.6
-
cpe:2.3:a:gnupg:gnupg:1.3.90
-
cpe:2.3:a:gnupg:gnupg:1.3.91
-
cpe:2.3:a:gnupg:gnupg:1.3.92
-
cpe:2.3:a:gnupg:gnupg:1.3.93
-
cpe:2.3:a:gnupg:gnupg:1.4.0