oss-sec mailing list archives

Denial of service in GnuPG


From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Mon, 4 Jul 2022 01:31:18 -0400

GnuPG is vulnerable to a denial of service attack when processing
crafted detached signatures and/or certificates.  By concatenating the
same signature to itself a very large number of times, and then wrapping
them in a compressed packet, I am able to cause GnuPG to take over a
minute to process an input that is less than 5KB armored.

https://dev.gnupg.org/D556 should fix this particular bug by refusing to
process compressed packets in detached signatures and/or certificates.
There may be further problems with non-detached signatures that are not
addressed by D556, but I recommend applying D556 first.

Signature (of /dev/null) that triggers this bug is attached, along with
the corresponding public key.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: test-key.cert
Attachment: decomp-3
Attachment: signature.asc
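The mitigation the message points to (refuse to process compressed packets in a detached signature) can be applied as a cheap pre-check before any real verification runs. The code below is an added example written for this archive page; it is not GnuPG code and not the D556 patch. It walks OpenPGP packet headers as laid out in RFC 4880 section 4.2, skipping over each body by its declared length, so a Compressed Data packet (tag 8) is rejected without ever being inflated. The packet cap (`max_packets`) and the rule that a detached signature may contain only Signature packets (tag 2) are this example's own assumptions and are stricter than D556. The sample inputs are constructed placeholders, not real signatures or compressed data.

```python
"""Pre-check an OpenPGP detached signature before handing it to a real
parser.  Only packet headers are inspected, so a Compressed Data packet
(tag 8) is refused without being decompressed.  Added illustration in
the spirit of the D556 mitigation; not GnuPG code.  Header formats follow
RFC 4880 section 4.2; the packet cap and the signature-only rule are
assumptions of this example."""
import base64

SIGNATURE = 2          # RFC 4880 packet tags
COMPRESSED_DATA = 8


def dearmor(text: str) -> bytes:
    """Strip ASCII armor and return the raw packet bytes (CRC line ignored)."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN PGP "):
        raise ValueError("not an armored block")
    body, in_body = [], False
    for line in lines[1:]:
        if line.startswith("-----END PGP "):
            break
        if not in_body:
            in_body = line.strip() == ""   # blank line ends the armor headers
            continue
        if line.startswith("="):           # armor checksum, not packet data
            continue
        body.append(line.strip())
    return base64.b64decode("".join(body))


def packet_tags(data: bytes):
    """Yield (tag, body_length) for every packet header in `data`, skipping
    each body by its declared length and never looking inside it."""
    pos, n = 0, len(data)

    def take(k: int) -> bytes:
        nonlocal pos
        if pos + k > n:
            raise ValueError(f"truncated packet at offset {pos}")
        chunk = data[pos:pos + k]
        pos += k
        return chunk

    while pos < n:
        first = take(1)[0]
        if not first & 0x80:
            raise ValueError(f"invalid packet header byte at offset {pos - 1}")
        total = 0
        if first & 0x40:                       # new-format header
            tag = first & 0x3F
            while True:                        # loops only for partial lengths
                l = take(1)[0]
                if l < 192:
                    length, last = l, True
                elif l <= 223:
                    length, last = ((l - 192) << 8) + take(1)[0] + 192, True
                elif l == 255:
                    length, last = int.from_bytes(take(4), "big"), True
                else:                          # 224..254: partial body length
                    length, last = 1 << (l & 0x1F), False
                take(length)                   # skip the body (or body chunk)
                total += length
                if last:
                    break
        else:                                  # old-format header
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:                     # indeterminate: runs to the end
                total = n - pos
                pos = n
            else:
                total = int.from_bytes(take((1, 2, 4)[ltype]), "big")
                take(total)
        yield tag, total


def check_detached_signature(armored: str, max_packets: int = 16) -> dict:
    """Cheap verdict before expensive verification: reject compressed
    packets, too many packets, and anything that is not a signature packet."""
    tags = []
    for tag, _ in packet_tags(dearmor(armored)):
        tags.append(tag)
        if tag == COMPRESSED_DATA:
            return {"ok": False, "reason": "compressed packet in detached signature", "tags": tags}
        if len(tags) > max_packets:
            return {"ok": False, "reason": f"more than {max_packets} packets", "tags": tags}
    if not tags:
        return {"ok": False, "reason": "no packets", "tags": tags}
    if any(t != SIGNATURE for t in tags):
        return {"ok": False, "reason": "non-signature packet present", "tags": tags}
    return {"ok": True, "reason": "", "tags": tags}


def build_packet(tag: int, body: bytes) -> bytes:
    """Build a new-format packet with a one-octet length (test data only)."""
    return bytes([0xC0 | tag, len(body)]) + body


def armor(packets: bytes) -> str:
    """Wrap bytes in signature armor with a placeholder CRC line."""
    b64 = base64.b64encode(packets).decode()
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + b64 + "\n=AAAA\n"
            "-----END PGP SIGNATURE-----\n")


# Constructed samples: placeholder bodies, not real signatures or zlib streams.
GOOD_SIG = armor(build_packet(SIGNATURE, b"\x04\x00" + b"\x00" * 30))
BAD_SIG = armor(build_packet(COMPRESSED_DATA, b"\x01" + b"\x00" * 16))

if __name__ == "__main__":
    for name, sig in (("good", GOOD_SIG), ("bad", BAD_SIG)):
        print(name, check_detached_signature(sig))
```

The walk runs in time linear in the header count, not in the decompressed size, which is the property that matters here: the verdict is reached before any inflate call could be made. For binary (non-armored) input, call `packet_tags` on the bytes directly.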