{"id":"CVE-2019-14855","details":"A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.","modified":"2026-03-15T22:27:54.823297Z","published":"2020-03-20T16:15:14.680Z","related":["CGA-xj3h-hgcc-78px","MGASA-2019-0348","openSUSE-SU-2024:10815-1"],"references":[{"type":"ADVISORY","url":"https://dev.gnupg.org/T4755"},{"type":"ADVISORY","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4516-1/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855"},{"type":"EVIDENCE","url":"https://rwc.iacr.org/2020/slides/Leurent.pdf"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14855.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.18"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}