CVE-2019-14855

High

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use…

redhat·CWE-326·Published 2020-03-20

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

239 chars

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

NVDen

239 chars

NVDes

291 chars

Se detectó un fallo en la manera en que podrían ser falsificadas las firmas de certificados usando colisiones encontradas en el algoritmo SHA-1. Un atacante podría usar esta debilidad para crear firmas de certificados falsificadas. Este problema afecta a GnuPG versiones anteriores a 2.2.18.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	5.3	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N