News

CompanyCRYPT is not affected by GnuPG Buffer Overflow

While fixing a bug a buffer overflow has been identified in all released GnuPG versions. The current versions 1.4.5 and 2.0.0 are affected. When running GnuPG interactively, special crafted messages may be used to crash gpg or gpg2. Running gpg in batch mode, as done by all software using gpg as a backend (e.g. mailers or CompanyCRYPT), is not affected by this bug. Exploiting this overflow seems to be possible. CompanyCRYPT is not affected by this GnuPG bug.