QwikSec

Security Database

CVE

CWE

Training

CVE-2014-3564

Published: Oct 20, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1113267

x_refsource_CONFIRM

[oss-security] 20140731 CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler

mailing-list

x_refsource_MLIST

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.