Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x up to and including 2.0.16 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
| Vulnerable Product |
|---|
| gnupg gnupg |
| fedoraproject fedora 13 |
| debian debian linux 5.0 |