CVE-2015-3406

High

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be…

mitre·CWE-681·Published 2019-11-29

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

193 chars

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

NVDen

193 chars

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

El análisis de la firma PGP en Module::Signature versiones anteriores a 0.74, permite a atacantes remotos causar que la parte sin firmar de un archivo SIGNATURE sea tratada como la parte firmada mediante vectores no especificados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N