SlackRoll GnuPG And HTTP Codes Signature Validation Bypass Vulnerability And Weakness

SlackRoll is prone to a signature-validation bypass vulnerability and an HTTP-error detection weakness.

These issues occur because the application fails to adequately interpret certain GnuPG exit codes and HTTP error codes.

An attacker can exploit these issues to bypass GnuPG signature detection. Successful attacks could result in the execution of arbitrary code; other attacks are possible.

Versions prior to SlackRoll 8 are vulnerable.
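
A fail-closed form of the two checks the advisory describes, as an added example in Python that is not SlackRoll's own code. The function names and sample status lines are constructed, and the page does not state which exit codes or HTTP codes SlackRoll mishandled, so the policy here (accept only exit code 0 together with a VALIDSIG status line, and only HTTP 200) is an assumption.

```python
import subprocess

# GnuPG --status-fd keywords that mean the signature must not be trusted.
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG",
                    "REVKEYSIG", "NO_PUBKEY", "NODATA"}

# Constructed sample status output (fingerprint and key ID are placeholders).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_GOOD = ("[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n"
               "[GNUPG:] VALIDSIG " + FPR
               + " 2010-01-01 1262304000 0 4 0 1 2 00 " + FPR + "\n")
SAMPLE_BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer\n"


def signature_ok(exit_code, status_output):
    """Fail closed: require exit code 0, a VALIDSIG line and no failure keyword."""
    if exit_code != 0:  # every non-zero code is a failure, not one specific value
        return False
    keywords = set()
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            keywords.add(parts[1])
    return "VALIDSIG" in keywords and not (keywords & FAILURE_KEYWORDS)


def download_ok(http_status):
    """Only a 200 response carries the requested file; error pages are not data."""
    return http_status == 200


def verify_file(sig_path, data_path, gpg="gpg"):
    """Run gpg on a detached signature and apply signature_ok to the result."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return signature_ok(proc.returncode, proc.stdout)


if __name__ == "__main__":
    print(signature_ok(0, SAMPLE_GOOD), signature_ok(2, SAMPLE_GOOD),
          signature_ok(0, SAMPLE_BAD), download_ok(404))
```

Checking the machine-readable status lines as well as the exit code means a gpg run that exits cleanly without having verified anything is still rejected.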


 

Copyright 2010, SecurityFocus