oss-sec mailing list archives
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG
From: Noel Kuntze <noel.kuntze@thermi.consulting>
Date: Mon, 4 Jul 2022 15:05:10 +0200
Hi Peter,

It's really not that deep. The attachment is not named after the naming scheme expected of signatures of emails, so clients won't try to process it in the context of opening or verifying an email. I had to call gpg locally on the attached files to reproduce the issue.

But I agree that attaching such files that could be read by clients directly is not a good move.

Kind regards
Noel

On 04.07.22 at 14:15, Peter van Dijk wrote:
> Hello,
>
> On 04/07/2022 07:31 Demi Marie Obenour <demi () invisiblethingslab com> wrote:
>> Signature (of /dev/null) that triggers this bug is attached, along with the corresponding public key.
>
> This is insane. You can't send weaponised exploits that crash email clients to public mailing lists. Please do not do this again.
>
> Peter