Gentoo Linux Security Advisory 201110-15 - The GPGSM utility included in GnuPG contains a use-after-free vulnerability that may allow an unauthenticated remote attacker to execute arbitrary code. Versions less than 2.0.16-r1 are affected.
573d8657d4970ffeaed731d2993bb650f04fc743713f93a4b4fbcf1e1a9510c1Ubuntu Security Notice 970-1 - It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
d7bcec645912901061545ca9bcf57c0e030208a29b948c2923a6ce3ec1c00633Mandriva Linux Security Advisory 2010-143 - Importing a certificate with more than 98 Subject Alternate Names via GPGSM's import command or implicitly while verifying a signature causes GPGSM to reallocate an array with the names. The bug is that the reallocation code misses assigning the reallocated array to the old array variable and thus the old and freed array will be used. Usually this leads to a segv.
0b1f12af27e95a4dd06339986fdf1a7151ba73f5188e5985850ed2915b1a11a5Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
791f0ef804a3c3e64ed5491c141bbc5664f78fd7be85e7e9b5037de9cc8f5f6a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed