CVE-2019-6690 vulnerability in Python and Other Products
Published on March 21, 2019

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-6690

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-6690 are published in these products:

Python Gnupg

Canonical Ubuntu Linux

Debian Linux

OpenSuse Leap

Exploit Probability

EPSS

21.43%

Percentile

95.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-6690 vulnerability in Python and Other ProductsPublished on March 21, 2019

Products Associated with CVE-2019-6690

Exploit Probability

CVE-2019-6690 vulnerability in Python and Other Products
Published on March 21, 2019