Inadequate Encryption Strength Affecting gnupg2 package, versions *

  • Attack Complexity


  • Confidentiality


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    25 Nov 2019

  • disclosed

    20 Mar 2020

How to fix?

There is no fixed version for Debian:10 gnupg2.

NVD Description

Note: Versions mentioned in the description apply to the upstream gnupg2 package.

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.