Buffer overflow in GnuPG encryption software
Werner Koch from the GnuPG project has discovered a buffer overflow in all versions of the GnuPG encryption software. In interactive mode, attackers can exploit it to crash GnuPG, and potentially even execute planted code.
Koch's advisory notes that the bug was introduced into the code as far back as 1999. The flawed routine copies a function's output in order to reformat it and filter out potentially dangerous symbols. Unfortunately, it copies the data into a buffer that under some circumstances is too small. However, GnuPG only uses the routine in interactive mode. Programs that handle email decryption and encryption for mail clients typically use batch mode and therefore do not trigger the bug.
All GnuPG versions are affected, including the current versions 1.4 and 2.0. Koch provides a source code patch in the bug report so that users who compile GnuPG themselves can correct the problem on their own. The Linux distributors will likely follow up with similarly updated packages soon.
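The class of bug described above, a filtering copy whose output can outgrow its destination, is shown here as an added illustration; this is not GnuPG's code and not Koch's patch. The function names and the `\xNN` escaping scheme are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Assumed filter: non-printable bytes and '\' become "\xNN" (1 byte -> 4). */
static int needs_escape(unsigned char c)
{
    return c < 0x20 || c > 0x7e || c == '\\';
}

/* Exact output size, including the terminating NUL. */
size_t printable_size(const char *src, size_t len)
{
    size_t need = 1;
    for (size_t i = 0; i < len; i++)
        need += needs_escape((unsigned char)src[i]) ? 4 : 1;
    return need;
}

/* Bounded copy: returns 0 on success, -1 if dst is too small.
 * The flawed pattern sizes dst from len alone (e.g. len + 1) and
 * writes without this check, so escaped input runs past the end. */
int filter_copy(const char *src, size_t len, char *dst, size_t dstsize)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (printable_size(src, len) > dstsize)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (needs_escape(c)) {
            dst[o++] = '\\'; dst[o++] = 'x';
            dst[o++] = hex[c >> 4]; dst[o++] = hex[c & 0x0f];
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return 0;
}

int main(void)
{
    const char name[] = "out\x1b[2J.txt";   /* constructed sample input */
    char tight[12], big[32];                /* tight = input length + 1 */
    int r1 = filter_copy(name, sizeof name - 1, tight, sizeof tight);
    int r2 = filter_copy(name, sizeof name - 1, big, sizeof big);
    printf("tight: %d, big: %d (%s)\n", r1, r2, r2 == 0 ? big : "");
    return 0;
}
```

Sizing the destination with `printable_size()` before allocating, rather than from the input length, avoids the rejected case entirely.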
- GnuPG 1.4 and 2.0 buffer overflow, bug advisory from Werner Koch