CVE-2018-12020
high-risk
Published 2018-06-08
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions: the filename carried in the OpenPGP literal data packet is echoed without sanitization in a verbose-mode diagnostic on file descriptor 2 (stderr). A program that runs GnuPG with the "--status-fd 2" option receives machine-readable status lines and human-readable diagnostics on the same descriptor, so a remote attacker who controls the OpenPGP data can choose an original filename that contains line feed characters followed by text mimicking GOODSIG or VALIDSIG status lines. The consuming program cannot tell the forged status lines from genuine ones, which allows spoofing of signature verification results.
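The mechanism above, as an added example that is not part of this advisory or of GnuPG's own code: a Python simulation of the byte stream a front-end reads from file descriptor 2 when it runs gpg with "--status-fd 2", a naive parser that is fooled by it, and the two defenses a practitioner would apply (reading status lines from a dedicated descriptor and pinning the VALIDSIG fingerprint, plus the sanitization of the echoed filename that is the class of fix applied in 2.2.8). The shape of the "gpg: original file name='...'" diagnostic is an approximation, the PLAINTEXT line is abbreviated, and the key IDs, fingerprints, timestamps and escape format are constructed placeholders, not real output or real keys.

```python
# Added example, not code from this advisory or from GnuPG. Simulates the
# merged stderr/status stream of 'gpg --verbose --status-fd 2' on a GnuPG
# older than 2.2.8 and contrasts a parser that trusts it with a hardened one.
# All identifiers, timestamps and diagnostic text are constructed placeholders.
from __future__ import annotations

import re

STATUS_PREFIX = "[GNUPG:] "
FPR_RE = re.compile(r"^[0-9A-F]{40}$")

TRUSTED_FPR = "0" * 39 + "1"                       # placeholder trusted key
SPOOFED_KEYID = "0123456789ABCDEF"                 # placeholder, not a real key
SPOOFED_FPR = "0123456789ABCDEF" * 2 + "01234567"  # 40 hex chars, placeholder


def parse_status(stream: bytes) -> list[tuple[str, str]]:
    """Return (keyword, arguments) for each line starting with the status
    prefix; any other line is treated as a diagnostic and skipped."""
    events = []
    for raw in stream.split(b"\n"):
        line = raw.decode("utf-8", "replace")
        if line.startswith(STATUS_PREFIX):
            keyword, _, args = line[len(STATUS_PREFIX):].partition(" ")
            events.append((keyword, args))
    return events


def naive_verdict(fd2_stream: bytes) -> bool:
    """Pre-fix pattern: gpg was run with '--status-fd 2', so status lines and
    log messages share one descriptor and any GOODSIG is taken at face value."""
    return any(kw == "GOODSIG" for kw, _ in parse_status(fd2_stream))


def hardened_verdict(status_stream: bytes, trusted_fprs: set[str]) -> bool:
    """Consume only a dedicated status descriptor (e.g. '--status-fd 3' with
    fd 3 piped to this parser), require GOODSIG and VALIDSIG together, and
    accept only fingerprints from an explicit trust set."""
    events = parse_status(status_stream)
    goodsig = any(kw == "GOODSIG" for kw, _ in events)
    fprs = {args.split(" ", 1)[0] for kw, args in events if kw == "VALIDSIG"}
    return goodsig and bool(fprs) and all(
        FPR_RE.match(f) and f in trusted_fprs for f in fprs)


def sanitize_for_log(name: str) -> str:
    """Escape control characters before an attacker-chosen filename is echoed
    in a diagnostic. This is the class of fix applied in GnuPG 2.2.8; the
    escape format here is the example's own, not GnuPG's."""
    return "".join(ch if ch.isprintable() else "\\x%02x" % ord(ch) for ch in name)


def spoofed_filename() -> str:
    """Constructed literal-data filename of the kind the CVE describes: closes
    the quote of the diagnostic, injects fake GOODSIG/VALIDSIG lines, then
    re-opens a plausible-looking diagnostic so the tail still reads cleanly."""
    return (
        "note.txt'\n"
        f"{STATUS_PREFIX}GOODSIG {SPOOFED_KEYID} Alice <alice@example.org>\n"
        f"{STATUS_PREFIX}VALIDSIG {SPOOFED_FPR} 2018-06-08 1528416000 0 4 0 1 8 00 {SPOOFED_FPR}\n"
        "gpg: original file name='note.txt"
    )


def fd2_stream(filename: str, sanitize: bool) -> bytes:
    """Constructed approximation of fd 2 while gpg decrypts an encrypted but
    unsigned message with '--verbose --status-fd 2'. gpg itself emits no
    GOODSIG here because nothing was signed."""
    shown = sanitize_for_log(filename) if sanitize else filename
    return (
        f"gpg: original file name='{shown}'\n"
        f"{STATUS_PREFIX}PLAINTEXT 62 1528416000 note.txt\n"  # name abbreviated
        f"{STATUS_PREFIX}DECRYPTION_OKAY\n"
        f"{STATUS_PREFIX}END_DECRYPTION\n"
    ).encode()


def genuine_status_stream(fpr: str) -> bytes:
    """Constructed dedicated status stream for a message really signed by the
    key with fingerprint `fpr` (no diagnostics can appear on this descriptor)."""
    return (
        f"{STATUS_PREFIX}NEWSIG\n"
        f"{STATUS_PREFIX}GOODSIG {fpr[-16:]} Alice <alice@example.org>\n"
        f"{STATUS_PREFIX}VALIDSIG {fpr} 2018-06-08 1528416000 0 4 0 1 8 00 {fpr}\n"
    ).encode()
```

Run `naive_verdict(fd2_stream(spoofed_filename(), sanitize=False))` to see the naive consumer report a good signature on data that was never signed; with `sanitize=True` the injected lines stay inside the single diagnostic line and the same parser returns False. `hardened_verdict` returns True only for `genuine_status_stream(TRUSTED_FPR)` with `TRUSTED_FPR` in the trust set, and False even when handed the spoofed merged stream, because the forged VALIDSIG fingerprint is not pinned. Operationally that means: upgrade to GnuPG 2.2.8 or later, never combine `--status-fd 2` with verbose diagnostics, give the status output its own descriptor, and check the VALIDSIG fingerprint against an explicit list rather than accepting any GOODSIG.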
Do I need to act?
EPSS: 1.7% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: fixed upstream in GnuPG 2.2.8 (the description covers versions before 2.2.8). Distribution fixes appear under References (Debian DSA-4222 and DSA-4223, Ubuntu USN-3675-1/2/3 and USN-3964-1, Red Hat RHSA-2018:2180 and RHSA-2018:2181). Check vendor advisories for fix availability and mitigation guidance for other products.
CVSS 7.5/10 (High); attack vector: Network; attack complexity: Low
Affected Products (20)
References (42)
Mailing List: http://openwall.com/lists/oss-security/2018/06/08/2
Third Party Advisory: http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
Mailing List: http://seclists.org/fulldisclosure/2019/Apr/38
Broken Link: http://www.securityfocus.com/bid/104450
Broken Link: http://www.securitytracker.com/id/1041051
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2180
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2181
Technical Description: https://github.com/RUB-NDS/Johnny-You-Are-Fired
Technical Description: https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.p...
Third Party Advisory: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur...
Third Party Advisory: https://usn.ubuntu.com/3675-1/
Third Party Advisory: https://usn.ubuntu.com/3675-2/
Third Party Advisory: https://usn.ubuntu.com/3675-3/
Third Party Advisory: https://usn.ubuntu.com/3964-1/
Third Party Advisory: https://www.debian.org/security/2018/dsa-4222
Third Party Advisory: https://www.debian.org/security/2018/dsa-4223
and 22 more references
Risk score: 51/100 (high-risk)
Severity: 26/34 · High
Exploitability: 5/34 · Minimal
Exposure: 20/34 · Moderate