New Flaw Discovered in GNUPG Creates Denial of Service Vulnerability

A new flaw discovered in GNUPG allows an unauthenticated user to mount a denial of service attack by sending the victim carefully crafted compressed data that will use up all of the server's resources, causing it to crash.

It impacts all versions of GNUPG, and the attack is easy to exploit, meaning that a rash of these DoS attacks is likely to become the norm over the next few days as tools are built to allow low-skill attackers to trivially use the exploit.

A fix has been issued by the GNUPG developers. You have to be sure to update both gnupg and gpgv as both packages are vulnerable to the attack.

More information about the vulnerability can be pulled from the CVE here: http://www.cvedetails.com/cve/CVE-2014-4617/
