ID CVE-2010-2547
Summary Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
References
Vulnerable Configurations
  • cpe:2.3:a:gnupg:gnupg:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 02-02-2024 - 16:34)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 618156
title CVE-2010-2547 GnuPG 2: use-after-free when importing certificate with many alternate names
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • comment gnupg2 is earlier than 0:2.0.10-3.el5_5.1
      oval oval:com.redhat.rhsa:tst:20100603001
    • comment gnupg2 is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20100603002
rhsa
id RHSA-2010:0603
released 2010-08-04
severity Moderate
title RHSA-2010:0603: gnupg2 security update (Moderate)
rpms
  • gnupg2-0:2.0.10-3.el5_5.1
  • gnupg2-debuginfo-0:2.0.10-3.el5_5.1
refmap via4
bid 41945
confirm
debian DSA-2076
fedora FEDORA-2010-11413
mandriva MDVSA-2010:143
mlist [gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM
sectrack 1024247
secunia
  • 38877
  • 40718
  • 40841
slackware SSA:2010-240-01
suse SUSE-SR:2010:020
vupen
  • ADV-2010-1931
  • ADV-2010-1950
  • ADV-2010-1988
  • ADV-2010-2217
  • ADV-2010-3125
Last major update 02-02-2024 - 16:34
Published 05-08-2010 - 18:17
Last modified 02-02-2024 - 16:34
Back to Top