CVE-2022-3219

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-3219

Severity

Unknown

Description

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

References

https://images.chainguard.dev/security/CGA-qv69-x9jf-vm7x
https://github.com/advisories/GHSA-pf7g-97vv-qmrr
https://security.netapp.com/advisory/ntap-20230324-0001/
https://marc.info/?l=oss-security&m=165696590211434&w=4
https://dev.gnupg.org/D556
https://dev.gnupg.org/T5993
https://bugzilla.redhat.com/show_bug.cgi?id=2127010
https://access.redhat.com/security/cve/CVE-2022-3219
https://security-tracker.debian.org/tracker/CVE-2022-3219

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-3219

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources