CVE-2010-2547

Published: 05/08/2010 Updated: 02/02/2024
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x up to and including 2.0.16 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

Vulnerable Product

gnupg gnupg

fedoraproject fedora 13

debian debian linux 5.0

Vendor Advisories

Synopsis: Moderate: gnupg2 security update. Type/Severity: Security Advisory: Moderate. Topic: An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability ...
It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program ...