Computer Security
[EN] securityvulns.ru no-pyccku


PgnuPG use-after-free vulnerability
Published:28.07.2010
Source:
SecurityVulns ID:11017
Type:library
Threat Level:
7/10
Description:Use-after free vulnerability on certificate parsing.
Affected:GNU : GnuPG 2.0
CVE:CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2076-1] New gnupg2 packages fix potential code execution (28.07.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod