CVE-2014-4617
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0803 (8.0%)
Percentile: 92.1%
EPSS: 2026-05-06
Affects
gnupg:gnupgdebian:debian_linuxopensuse:opensuseTechnical description
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
Published: 6/25/2014, 11:19:22 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342
- http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
- http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
- http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html
- http://secunia.com/advisories/59213
- http://secunia.com/advisories/59351
- http://secunia.com/advisories/59534