Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2547

Опубликовано: 05 авг. 2010
Источник: nvd
CVSS3: 8.1
CVSS2: 5.1
EPSS Средний

Описание

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
Версия от 2.0.0 (включая) до 2.0.16 (включая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.15103
Средний

8.1 High

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2010-2547

CVSS3: 8.1
ubuntu
почти 15 лет назад

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

redhat логотип

CVE-2010-2547

redhat
почти 15 лет назад

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

debian логотип

CVE-2010-2547

CVSS3: 8.1
debian
почти 15 лет назад

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...

github логотип

GHSA-jjg3-cx5h-88wm

CVSS3: 8.1
github
около 3 лет назад

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

oracle-oval логотип

ELSA-2010-0603

oracle-oval
почти 15 лет назад

ELSA-2010-0603: gnupg2 security update (MODERATE)

EPSS

Процентиль: 94%
0.15103
Средний

8.1 High

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-416
Уязвимость CVE-2010-2547