CVE-2013-4351

Name	CVE-2013-4351
Description	GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DSA-2773-1, DSA-2774-1
Debian Bugs	722722, 722724

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gnupg2 (PTS)	buster, buster (security)	2.2.12-1+deb10u2	fixed
	bullseye (security), bullseye	2.2.27-2+deb11u2	fixed
	bookworm, sid	2.2.40-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gnupg	source	squeeze	1.4.10-4+squeeze3		DSA-2773-1
gnupg	source	wheezy	1.4.12-7+deb7u2		DSA-2773-1
gnupg	source	(unstable)	1.4.15-1	low		722722
gnupg2	source	squeeze	2.0.14-2+squeeze2		DSA-2774-1
gnupg2	source	wheezy	2.0.19-2+deb7u1		DSA-2774-1
gnupg2	source	(unstable)	2.0.22-1	low		722724