CVE-2019-14855

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-14855

Severity

Unknown

Description

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

References

https://images.chainguard.dev/security/CGA-289g-3jf6-7rrh
https://github.com/advisories/GHSA-cpvm-f36g-55vg
https://dev.gnupg.org/T4755
https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html
https://rwc.iacr.org/2020/slides/Leurent.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855
https://usn.ubuntu.com/4516-1/
https://security.alpinelinux.org/vuln/CVE-2019-14855
https://security-tracker.debian.org/tracker/CVE-2019-14855

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2019-14855

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources