Vigil@nce - GnuPG: infinite loop of Truncated zlib
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send an encrypted message with truncated
compressed data, to generate an infinite loop in GnuPG, in order
to trigger a denial of service.
Impacted products: Debian, Fedora, GnuPG, openSUSE, Slackware,
Ubuntu
Severity: 2/4
Creation date: 24/06/2014
DESCRIPTION OF THE VULNERABILITY
In the OpenPGP format, the message is compressed (zlib algorithm)
before it is encrypted.
GnuPG uncompresses the message after decrypting it. However, if the
compressed data are too short, the do_uncompress() function in the
g10/compress.c file keeps waiting indefinitely for the missing data.
An attacker can therefore send an encrypted message with truncated
compressed data, to generate an infinite loop in GnuPG, in order
to trigger a denial of service.
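
The failure mode described above, shown as an added example (not GnuPG's code and not part of the bulletin): a simplified model of a decompression loop whose only exit is the zlib end-of-stream marker, next to a loop that treats "input exhausted, stream unfinished" as an error. All function names, the iteration budget and the sample data are assumptions constructed for this illustration.

```python
import io
import zlib

class TruncatedStream(Exception):
    """Input ended before the zlib end-of-stream marker."""

def naive_inflate_spins(data, budget=1000):
    """Simplified model of the flawed pattern: the loop's only exit is
    end-of-stream and an empty read is ignored. `budget` stands in for
    "forever" so the hang is observable. Returns True if it would spin."""
    src, d = io.BytesIO(data), zlib.decompressobj()
    for _ in range(budget):
        if d.eof:
            return False
        d.decompress(src.read(4096))  # b"" at EOF: no progress, no error
    return True

def safe_inflate(data, chunk_size=4096):
    """Inflate, rejecting a stream whose input runs out before it finishes."""
    src, d = io.BytesIO(data), zlib.decompressobj()
    out = bytearray()
    while not d.eof:
        chunk = src.read(chunk_size)
        if not chunk:
            raise TruncatedStream(
                "input ended after %d output bytes, no end-of-stream" % len(out))
        out += d.decompress(chunk)
    return bytes(out)

def is_truncated(data):
    """True if safe_inflate() rejects the data as truncated."""
    try:
        safe_inflate(data)
        return False
    except TruncatedStream:
        return True

# Constructed sample data (not taken from the bulletin).
SAMPLE_PLAIN = b"constructed sample plaintext\n" * 200
SAMPLE_FULL = zlib.compress(SAMPLE_PLAIN)
SAMPLE_TRUNCATED = SAMPLE_FULL[: len(SAMPLE_FULL) // 2]

if __name__ == "__main__":
    for name, blob in (("full", SAMPLE_FULL), ("truncated", SAMPLE_TRUNCATED)):
        print(name, "| naive loop spins:", naive_inflate_spins(blob),
              "| safe loop flags truncation:", is_truncated(blob))
```
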
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GnuPG-infinite-loop-of-Truncated-zlib-14927