UBUNTU-CVE-2022-3219

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2022-3219
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3219.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-3219
Related
Published
2023-02-23T20:15:00Z
Modified
2025-04-23T15:00:35Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

References

Affected packages

Ubuntu:Pro:14.04:LTS / gnupg

Package

Name
gnupg
Purl
pkg:deb/ubuntu/gnupg@1.4.16-1ubuntu2.6+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.14-1ubuntu2
1.4.15-1.1ubuntu1
1.4.15-1.1ubuntu2
1.4.15-2ubuntu1
1.4.16-1ubuntu1
1.4.16-1ubuntu2
1.4.16-1ubuntu2.1
1.4.16-1ubuntu2.3
1.4.16-1ubuntu2.4
1.4.16-1ubuntu2.5
1.4.16-1ubuntu2.6
1.4.16-1ubuntu2.6+esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / gnupg

Package

Name
gnupg
Purl
pkg:deb/ubuntu/gnupg@1.4.20-1ubuntu3.3+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.18-7ubuntu1
1.4.19-6ubuntu1
1.4.20-1ubuntu1
1.4.20-1ubuntu2
1.4.20-1ubuntu3
1.4.20-1ubuntu3.1
1.4.20-1ubuntu3.2
1.4.20-1ubuntu3.3
1.4.20-1ubuntu3.3+esm2

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.1.11-6ubuntu2.1+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.28-3ubuntu1
2.0.28-3ubuntu2
2.1.11-6ubuntu1
2.1.11-6ubuntu2
2.1.11-6ubuntu2.1
2.1.11-6ubuntu2.1+esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.2.4-1ubuntu1.6?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.15-1ubuntu8
2.2.4-1ubuntu1
2.2.4-1ubuntu1.1
2.2.4-1ubuntu1.2
2.2.4-1ubuntu1.3
2.2.4-1ubuntu1.4
2.2.4-1ubuntu1.5
2.2.4-1ubuntu1.6

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.2.19-3ubuntu2.4?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.12-1ubuntu3
2.2.17-3ubuntu1
2.2.19-3ubuntu2
2.2.19-3ubuntu2.1
2.2.19-3ubuntu2.2
2.2.19-3ubuntu2.4

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.2.27-3ubuntu2.3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.20-1ubuntu4
2.2.27-2ubuntu1
2.2.27-3ubuntu1
2.2.27-3ubuntu2
2.2.27-3ubuntu2.1
2.2.27-3ubuntu2.3

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.4.4-2ubuntu18.2?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.4-2ubuntu17
2.4.4-2ubuntu18
2.4.4-2ubuntu18.2

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.4.4-2ubuntu17.2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.40-1.1ubuntu1
2.4.4-2ubuntu7
2.4.4-2ubuntu15
2.4.4-2ubuntu16
2.4.4-2ubuntu17
2.4.4-2ubuntu17.2

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:25.04 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/ubuntu/gnupg2@2.4.4-2ubuntu23?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.4-2ubuntu18
2.4.4-2ubuntu20
2.4.4-2ubuntu21
2.4.4-2ubuntu22
2.4.4-2ubuntu23

Ecosystem specific 

{
    "ubuntu_priority": "low"
}