CVE-2005-0366
Severity CVSS v4.0:
Pending analysis
Type:
CWE-326
Inadequate Encryption Strength
Publication date:
02/05/2005
Last modified:
03/04/2025
Description
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:* | 1.4.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://eprint.iacr.org/2005/033
- http://eprint.iacr.org/2005/033.pdf
- http://securitytracker.com/id?1013166=
- http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
- http://www.kb.cert.org/vuls/id/303094
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A057
- http://www.novell.com/linux/security/advisories/2005_07_sr.html
- http://www.osvdb.org/13775
- http://www.pgp.com/library/ctocorner/openpgp.html
- http://www.securityfocus.com/bid/12529
- http://eprint.iacr.org/2005/033
- http://eprint.iacr.org/2005/033.pdf
- http://securitytracker.com/id?1013166=
- http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
- http://www.kb.cert.org/vuls/id/303094
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A057
- http://www.novell.com/linux/security/advisories/2005_07_sr.html
- http://www.osvdb.org/13775
- http://www.pgp.com/library/ctocorner/openpgp.html
- http://www.securityfocus.com/bid/12529