ID CVE-2010-2547
Summary Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html 'GnuPG 1.x is NOT affected because it does not come with the GPGSM tool.'
References
Vulnerable Configurations
  • cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 10-12-2010 - 06:43)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity HIGH
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 618156
title CVE-2010-2547 GnuPG 2: use-after-free when importing certificate with many alternate names
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • comment gnupg2 is earlier than 0:2.0.10-3.el5_5.1
    oval oval:com.redhat.rhsa:tst:20100603002
  • comment gnupg2 is signed with Red Hat redhatrelease key
    oval oval:com.redhat.rhsa:tst:20100603003
rhsa
id RHSA-2010:0603
released 2010-08-04
severity Moderate
title RHSA-2010:0603: gnupg2 security update (Moderate)
rpms gnupg2-0:2.0.10-3.el5_5.1
refmap via4
bid 41945
confirm
debian DSA-2076
fedora FEDORA-2010-11413
mandriva MDVSA-2010:143
mlist [gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM
sectrack 1024247
secunia
  • 38877
  • 40718
  • 40841
slackware SSA:2010-240-01
suse SUSE-SR:2010:020
vupen
  • ADV-2010-1931
  • ADV-2010-1950
  • ADV-2010-1988
  • ADV-2010-2217
  • ADV-2010-3125
Last major update 10-12-2010 - 06:43
Published 05-08-2010 - 18:17