CVE-2010-2547

Severity

51%

Complexity

49%

Confidentiality

106%

Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html 'GnuPG 1.x is NOT affected because it does not come with the GPGSM tool.'

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html 'GnuPG 1.x is NOT affected because it does not come with the GPGSM tool.'

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

First reported 14 years ago

2010-08-05 18:17:00

Last updated 14 years ago

2010-12-10 06:43:00

Affected Software

GnuPG (Privacy Guard) 2.0

2.0

GnuPG (Privacy Guard) 2.0.1

2.0.1

GnuPG (Privacy Guard) 2.0.3

2.0.3

GnuPG (Privacy Guard) 2.0.4

2.0.4

GnuPG (Privacy Guard) 2.0.5

2.0.5

GnuPG (Privacy Guard) 2.0.6

2.0.6

GnuPG (Privacy Guard) 2.0.7

2.0.7

GnuPG (Privacy Guard) 2.0.8

2.0.8

GnuPG (Privacy Guard) 2.0.10

2.0.10

GnuPG (Privacy Guard) 2.0.11

2.0.11

GnuPG (Privacy Guard) 2.0.12

2.0.12

GnuPG (Privacy Guard) 2.0.13

2.0.13

GnuPG (Privacy Guard) 2.0.14

2.0.14

GnuPG (Privacy Guard) 2.0.15

2.0.15

GnuPG (Privacy Guard) 2.0.16

2.0.16

References

FEDORA-2010-11413

[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM

Patch, Vendor Advisory

SUSE-SR:2010:020

38877

Vendor Advisory

40718

Vendor Advisory

40841

Vendor Advisory

SSA:2010-240-01

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076

DSA-2076

MDVSA-2010:143

41945

1024247

ADV-2010-1931

Vendor Advisory

ADV-2010-1950

Vendor Advisory

ADV-2010-1988

Vendor Advisory

ADV-2010-2217

ADV-2010-3125

https://issues.rpath.com/browse/RPL-3229

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.