CVE-2013-4351

Name	CVE-2013-4351
Description	GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-2773-1, DSA-2774-1
NVD severity	medium
Debian Bugs	722722, 722724

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gnupg2 (PTS)	stretch	2.1.18-8~deb9u4	fixed
	stretch (security)	2.1.18-8~deb9u2	fixed
	buster	2.2.12-1+deb10u1	fixed
	bullseye	2.2.27-2	fixed
	bookworm, sid	2.2.27-3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gnupg	source	squeeze	1.4.10-4+squeeze3		DSA-2773-1
gnupg	source	wheezy	1.4.12-7+deb7u2		DSA-2773-1
gnupg	source	(unstable)	1.4.15-1	low		722722
gnupg2	source	squeeze	2.0.14-2+squeeze2		DSA-2774-1
gnupg2	source	wheezy	2.0.19-2+deb7u1		DSA-2774-1
gnupg2	source	(unstable)	2.0.22-1	low		722724