Описание
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 2.0.14-1.1ubuntu2 |
| hardy | released | 2.0.7-1ubuntu0.1 |
| jaunty | released | 2.0.9-3.1ubuntu0.1 |
| karmic | released | 2.0.12-0ubuntu2.1 |
| lucid | released | 2.0.14-1ubuntu1.2 |
| upstream | released | 2.0.17 |
Показывать по
EPSS
5.1 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
EPSS
5.1 Medium
CVSS2
8.1 High
CVSS3