← CVECheck
HomeVulnerabilities

CVE-2003-0971 — MEDIUM severity vulnerability (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates E)

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

CVE IDCVE-2003-0971
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2003-12-15
Last modified2026-04-16
DescriptionGnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →