[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-24972Date: (C)2020-08-31   (M)2023-12-22


The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 6.5
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: SINGLE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
FEDORA-2020-9b441d3153
GLSA-202008-21
https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
https://dev.gnupg.org/source/kleo/browse/master/CMakeLists.txt
openSUSE-SU-2020:1723
openSUSE-SU-2020:1754

CWE    1
CWE-116
OVAL    1
oval:org.secpod.oval:def:118814

© SecPod Technologies