CVE-2019-13050

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
Configurations

Configuration 1

cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
cpe:2.3:a:sks_keyserver_project:sks_keyserver:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*

Information

Published : 2019-06-29 05:15

Updated : 2021-06-29 03:15


NVD link : CVE-2019-13050

Mitre link : CVE-2019-13050

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation