CVE-2014-4617 (retired)

Priority
Description
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and
2.x before 2.0.24 allows context-dependent attackers to cause a denial of
service (infinite loop) via malformed compressed packets, as demonstrated
by an a3 01 5b ff byte sequence.
Assigned-to
mdeslaur
Package
Source: gnupg (LP Ubuntu Debian)
Upstream:released (1.4.17,1.4.16-1.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.4.16-1ubuntu2.1)
Patches:
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8
Package
Upstream:released (2.0.24)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.0.22-3ubuntu1.1)
Patches:
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb1
More Information

Updated: 2019-03-26 12:13:19 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)