CVE-2022-3219

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-3219

Severity

3.3

Low

CVSS CVSS_V3

Description

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

References

https://images.chainguard.dev/security/CGA-qv69-x9jf-vm7x
https://github.com/advisories/GHSA-pf7g-97vv-qmrr
https://access.redhat.com/security/cve/CVE-2022-3219
https://bugzilla.redhat.com/show_bug.cgi?id=2127010
https://security.netapp.com/advisory/ntap-20230324-0001/
https://marc.info/?l=oss-security&m=165696590211434&w=4
https://dev.gnupg.org/D556
https://dev.gnupg.org/T5993
https://security-tracker.debian.org/tracker/CVE-2022-3219

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal