Arch Linux: ASA-201604-11 Low Severity: pgpdump DoS Attack
Apr 23, 2016
•
LinuxSecurity Advisories
1 min read
The package pgpdump before version 0.30-1 is vulnerable to denial of service.
Arch Linux Security Advisory ASA-201604-11 ========================================= Severity: Low Date : 2016-04-22 CVE-ID : CVE-2016-4021 Package : pgpdump Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package pgpdump before version 0.30-1 is vulnerable to denial of service. Resolution ========= Upgrade to 0.30-1. # pacman -Syu "pgpdump>=0.30-1" The problem has been fixed upstream in version 0.30. Workaround ========= None. Description ========== When pgpdump is run on specially crafted input, a denial of service condition occurs. The program runs with 100% CPU usage for an indefinite amount of time. This can be abused in scenarios where users can supply input to pgpdump, e.g. in http://www.pgpdump.net/. Impact ===== A remote attacker is able to create a specially crafted input that is leading to CPU resource consumption resulting in denial of service. References ========= https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt https://www.cve.org/CVERecord?id=CVE-2016-4021
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!