PUBLISHED DATE: August 14, 2001CVE-2001-0522:
Format String Vulnerability

Description

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

Products

• GNU GNU Privacy Guard 7.1
• GNU GNU Privacy Guard 7.2
• GNU GNU Privacy Guard 8.0

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2001-0522, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2001-0522 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2001-0522