Back to search
CVE-2010-2547
Published: Aug 5, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2010:143
vendor-advisory
x_refsource_MANDRIVA
ADV-2010-1988
vdb-entry
x_refsource_VUPEN
SUSE-SR:2010:020
vendor-advisory
x_refsource_SUSE
https://issues.rpath.com/browse/RPL-3229
x_refsource_CONFIRM
ADV-2010-1931
vdb-entry
x_refsource_VUPEN
41945
vdb-entry
x_refsource_BID
FEDORA-2010-11413
vendor-advisory
x_refsource_FEDORA
DSA-2076
vendor-advisory
x_refsource_DEBIAN
1024247
vdb-entry
x_refsource_SECTRACK
[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM
mailing-list
x_refsource_MLIST
38877
third-party-advisory
x_refsource_SECUNIA
40841
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
x_refsource_CONFIRM
40718
third-party-advisory
x_refsource_SECUNIA
ADV-2010-3125
vdb-entry
x_refsource_VUPEN
ADV-2010-1950
vdb-entry
x_refsource_VUPEN
SSA:2010-240-01
vendor-advisory
x_refsource_SLACKWARE
ADV-2010-2217
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now