Vulnerability Name:

CVE-2022-34903 (CCN-230354)

Assigned:2022-06-30
Published:2022-06-30
Updated:2022-09-09
Summary:GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): Low
Availibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
5.9 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-74
CWE-347
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-34903

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection

Source: MISC
Type: Issue Tracking, Mailing List, Patch, Third Party Advisory
https://bugs.debian.org/1014157

Source: CCN
Type: GnuPG Web site
g10: Fix garbled status messages in NOTATION_DATA

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://dev.gnupg.org/T6027

Source: XF
Type: UNKNOWN
gnupg-cve202234903-spoofing(230354)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-0dbfb7e270

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-aa14d396dd

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-1124e5882d

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-1747eea46c

Source: CCN
Type: oss-sec Mailing List, Thu, 30 Jun 2022 02:18:33 -0400
GnuPG signature spoofing via status line injection

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220826-0005/

Source: DEBIAN
Type: Third Party Advisory
DSA-5174

Source: CCN
Type: IBM Security Bulletin 6830587 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6832466 (Voice Gateway)
Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6840925 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in GnuPG [CVE-2022-3515 and CVE-2022-34903]

Source: CCN
Type: IBM Security Bulletin 6853463 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: IBM Security Bulletin 6855297 (Security Verify Access)
IBM Security Verify Access Appliance includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6857803 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 6967657 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to spoofing attacks in GnuPG (CVE-2022-34903)

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-34903

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/06/30/1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnupg:gnupg:*:*:*:*:*:*:*:* (Version <= 2.3.6)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnupg:gnupg:2.3.6:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7482
    P
    		dirmngr-2.2.27-150300.3.5.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20226602
    P
    		RHSA-2022:6602: gnupg2 security update (Moderate)
    2022-09-20
    oval:com.redhat.rhsa:def:20226463
    P
    		RHSA-2022:6463: gnupg2 security update (Moderate)
    2022-09-13
    oval:org.opensuse.security:def:118968
    P
    		Security update for gpg2 (Important) (in QA)
    2022-08-25
    oval:org.opensuse.security:def:119824
    P
    		Security update for gpg2 (Important) (in QA)
    2022-08-25
    oval:org.opensuse.security:def:119273
    P
    		Security update for gpg2 (Important) (in QA)
    2022-08-25
    oval:org.opensuse.security:def:119725
    P
    		Security update for gpg2 (Important) (in QA)
    2022-08-25
    oval:org.opensuse.security:def:118778
    P
    		Security update for gpg2 (Important) (in QA)
    2022-08-25
    oval:org.opensuse.security:def:119737
    P
    		Security update for gpg2 (Important) (in QA)
    2022-08-25
    oval:org.opensuse.security:def:43650
    P
    		Security update for gpg2 (Important)
    2022-07-25
    oval:org.opensuse.security:def:95281
    P
    		Security update for gpg2 (Important)
    2022-07-25
    oval:org.opensuse.security:def:3651
    P
    		Security update for gpg2 (Important)
    2022-07-25
    oval:org.opensuse.security:def:42323
    P
    		Security update for gpg2 (Important)
    2022-07-25
    oval:org.opensuse.security:def:597
    P
    		Security update for gpg2 (Important)
    2022-07-25
    oval:org.opensuse.security:def:42419
    P
    		Security update for gpg2 (Important)
    2022-07-25
    oval:org.opensuse.security:def:127319
    P
    		Security update for gpg2 (Important)
    2022-07-22
    oval:org.opensuse.security:def:125758
    P
    		Security update for gpg2 (Important)
    2022-07-22
    oval:org.opensuse.security:def:6102
    P
    		Security update for gpg2 (Important)
    2022-07-22
    oval:org.opensuse.security:def:126922
    P
    		Security update for gpg2 (Important)
    2022-07-22
    BACK
    gnupg gnupg *
    fedoraproject fedora 35
    fedoraproject fedora 36
    debian debian linux 10.0
    debian debian linux 11.0
    netapp ontap select deploy administration utility -
    netapp active iq unified manager -
    gnupg gnupg 2.3.6
    ibm voice gateway 1.0.2
    ibm voice gateway 1.0.3
    ibm voice gateway 1.0.2.4
    ibm voice gateway 1.0.4
    ibm voice gateway 1.0.5
    ibm voice gateway 1.0.6
    ibm security verify access 10.0.2.0
    ibm voice gateway 1.0.7
    ibm security verify access 10.0.0.0
    ibm security verify access 10.0.1.0
    ibm security verify access 10.0.3.0
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm robotic process automation for cloud pak 21.0.3
    ibm robotic process automation for cloud pak 21.0.5
    ibm robotic process automation for cloud pak 21.0.4
    ibm security verify access 10.0.4.0