CVE-2013-4351

Name	CVE-2013-4351
Description	GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-2773-1, DSA-2774-1
NVD severity	medium (attack range: remote)
Debian Bugs	722722, 722724

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gnupg (PTS)	jessie (security), jessie	1.4.18-7+deb8u5	fixed
gnupg2 (PTS)	jessie (security), jessie	2.0.26-6+deb8u2	fixed
	stretch (security), stretch	2.1.18-8~deb9u2	fixed
	buster, sid	2.2.9-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gnupg	source	(unstable)	1.4.15-1	low		722722
gnupg	source	squeeze	1.4.10-4+squeeze3	medium	DSA-2773-1
gnupg	source	wheezy	1.4.12-7+deb7u2	medium	DSA-2773-1
gnupg2	source	(unstable)	2.0.22-1	low		722724
gnupg2	source	squeeze	2.0.14-2+squeeze2	medium	DSA-2774-1
gnupg2	source	wheezy	2.0.19-2+deb7u1	medium	DSA-2774-1