cvelistv5 - cve-2010-2547

CVE-2010-2547 (GCVE-0-2010-2547)

Vulnerability from cvelistv5

Published

2010-08-05 18:00

Modified

2024-08-07 02:39

Severity ?

CWE

Summary

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

References

►

URL

Tags

secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	Patch, Vendor Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/38877	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/40718	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/40841	Broken Link, Vendor Advisory
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	Broken Link
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	Broken Link
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2076	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	Broken Link
secalert@redhat.com	http://www.securityfocus.com/bid/41945	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securitytracker.com/id?1024247	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1931	Broken Link, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1950	Broken Link, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1988	Broken Link, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2217	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/3125	Broken Link
secalert@redhat.com	https://issues.rpath.com/browse/RPL-3229	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38877	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40718	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40841	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2076	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/41945	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024247	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1931	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1950	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1988	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2217	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3125	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-3229	Broken Link

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
          },
          {
            "name": "ADV-2010-1988",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1988"
          },
          {
            "name": "SUSE-SR:2010:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3229"
          },
          {
            "name": "ADV-2010-1931",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1931"
          },
          {
            "name": "41945",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41945"
          },
          {
            "name": "FEDORA-2010-11413",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
          },
          {
            "name": "DSA-2076",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2076"
          },
          {
            "name": "1024247",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024247"
          },
          {
            "name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
          },
          {
            "name": "38877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38877"
          },
          {
            "name": "40841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
          },
          {
            "name": "40718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40718"
          },
          {
            "name": "ADV-2010-3125",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3125"
          },
          {
            "name": "ADV-2010-1950",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1950"
          },
          {
            "name": "SSA:2010-240-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
          },
          {
            "name": "ADV-2010-2217",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-09-08T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2010:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
        },
        {
          "name": "ADV-2010-1988",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1988"
        },
        {
          "name": "SUSE-SR:2010:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-3229"
        },
        {
          "name": "ADV-2010-1931",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1931"
        },
        {
          "name": "41945",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41945"
        },
        {
          "name": "FEDORA-2010-11413",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
        },
        {
          "name": "DSA-2076",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2076"
        },
        {
          "name": "1024247",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024247"
        },
        {
          "name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
        },
        {
          "name": "38877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38877"
        },
        {
          "name": "40841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
        },
        {
          "name": "40718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40718"
        },
        {
          "name": "ADV-2010-3125",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3125"
        },
        {
          "name": "ADV-2010-1950",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1950"
        },
        {
          "name": "SSA:2010-240-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
        },
        {
          "name": "ADV-2010-2217",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2217"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2547",
    "datePublished": "2010-08-05T18:00:00",
    "dateReserved": "2010-06-30T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2547\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-08-05T18:17:57.243\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un certificado con un gran n\u00famero de Subject Alternate Names, que no es manejado de forma adecuada en una operaci\u00f3n realloc cuando se importa el certificado o se verifica su firma.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.16\",\"matchCriteriaId\":\"9A6E093F-B054-46B5-92A3-B106E784F30E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D59BD0-43DE-4E58-A057-640AB98359A6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/38877\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40718\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40841\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2010/dsa-2076\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:143\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/41945\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1024247\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1931\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1950\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1988\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2217\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3125\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://issues.rpath.com/browse/RPL-3229\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/38877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2010/dsa-2076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/41945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1024247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://issues.rpath.com/browse/RPL-3229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}],\"evaluatorImpact\":\"Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\\n\\n\u0027GnuPG 1.x is NOT affected because it does not come with the GPGSM\\ntool.\u0027\"}}"
  }
}

rhsa-2010:0603

Vulnerability from csaf_redhat

Published

2010-08-04 21:42

Modified

2024-11-22 03:36

Summary

Red Hat Security Advisory: gnupg2 security update

Notes

Topic

An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially-crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547) All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated gnupg2 package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and\ncreating digital signatures, compliant with the proposed OpenPGP Internet\nstandard and the S/MIME standard.\n\nA use-after-free flaw was found in the way gpgsm, a Cryptographic Message\nSyntax (CMS) encryption and signing tool, handled X.509 certificates with\na large number of Subject Alternate Names. A specially-crafted X.509\ncertificate could, when imported, cause gpgsm to crash or, possibly,\nexecute arbitrary code. (CVE-2010-2547)\n\nAll gnupg2 users should upgrade to this updated package, which contains a\nbackported patch to correct this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0603",
        "url": "https://access.redhat.com/errata/RHSA-2010:0603"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "618156",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618156"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0603.json"
      }
    ],
    "title": "Red Hat Security Advisory: gnupg2 security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:36:30+00:00",
      "generator": {
        "date": "2024-11-22T03:36:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2010:0603",
      "initial_release_date": "2010-08-04T21:42:00+00:00",
      "revision_history": [
        {
          "date": "2010-08-04T21:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-08-04T17:42:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:36:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg2-0:2.0.10-3.el5_5.1.src",
                "product": {
                  "name": "gnupg2-0:2.0.10-3.el5_5.1.src",
                  "product_id": "gnupg2-0:2.0.10-3.el5_5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2@2.0.10-3.el5_5.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg2-0:2.0.10-3.el5_5.1.x86_64",
                "product": {
                  "name": "gnupg2-0:2.0.10-3.el5_5.1.x86_64",
                  "product_id": "gnupg2-0:2.0.10-3.el5_5.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2@2.0.10-3.el5_5.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
                "product": {
                  "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
                  "product_id": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2-debuginfo@2.0.10-3.el5_5.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg2-0:2.0.10-3.el5_5.1.i386",
                "product": {
                  "name": "gnupg2-0:2.0.10-3.el5_5.1.i386",
                  "product_id": "gnupg2-0:2.0.10-3.el5_5.1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2@2.0.10-3.el5_5.1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
                "product": {
                  "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
                  "product_id": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2-debuginfo@2.0.10-3.el5_5.1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg2-0:2.0.10-3.el5_5.1.ia64",
                "product": {
                  "name": "gnupg2-0:2.0.10-3.el5_5.1.ia64",
                  "product_id": "gnupg2-0:2.0.10-3.el5_5.1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2@2.0.10-3.el5_5.1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
                "product": {
                  "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
                  "product_id": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2-debuginfo@2.0.10-3.el5_5.1?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg2-0:2.0.10-3.el5_5.1.ppc",
                "product": {
                  "name": "gnupg2-0:2.0.10-3.el5_5.1.ppc",
                  "product_id": "gnupg2-0:2.0.10-3.el5_5.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2@2.0.10-3.el5_5.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
                "product": {
                  "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
                  "product_id": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2-debuginfo@2.0.10-3.el5_5.1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg2-0:2.0.10-3.el5_5.1.s390x",
                "product": {
                  "name": "gnupg2-0:2.0.10-3.el5_5.1.s390x",
                  "product_id": "gnupg2-0:2.0.10-3.el5_5.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2@2.0.10-3.el5_5.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
                "product": {
                  "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
                  "product_id": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg2-debuginfo@2.0.10-3.el5_5.1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-0:2.0.10-3.el5_5.1.i386"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-0:2.0.10-3.el5_5.1.ia64"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-0:2.0.10-3.el5_5.1.ppc"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-0:2.0.10-3.el5_5.1.s390x"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-0:2.0.10-3.el5_5.1.src"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-0:2.0.10-3.el5_5.1.x86_64"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-0:2.0.10-3.el5_5.1.i386"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-0:2.0.10-3.el5_5.1.ia64"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-0:2.0.10-3.el5_5.1.ppc"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-0:2.0.10-3.el5_5.1.s390x"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-0:2.0.10-3.el5_5.1.src"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-0:2.0.10-3.el5_5.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-0:2.0.10-3.el5_5.1.x86_64"
        },
        "product_reference": "gnupg2-0:2.0.10-3.el5_5.1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64"
        },
        "product_reference": "gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2547",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2010-07-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "618156"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "2: use-after-free when importing certificate with many alternate names",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:gnupg2-0:2.0.10-3.el5_5.1.i386",
          "5Client:gnupg2-0:2.0.10-3.el5_5.1.ia64",
          "5Client:gnupg2-0:2.0.10-3.el5_5.1.ppc",
          "5Client:gnupg2-0:2.0.10-3.el5_5.1.s390x",
          "5Client:gnupg2-0:2.0.10-3.el5_5.1.src",
          "5Client:gnupg2-0:2.0.10-3.el5_5.1.x86_64",
          "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
          "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
          "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
          "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
          "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
          "5Server:gnupg2-0:2.0.10-3.el5_5.1.i386",
          "5Server:gnupg2-0:2.0.10-3.el5_5.1.ia64",
          "5Server:gnupg2-0:2.0.10-3.el5_5.1.ppc",
          "5Server:gnupg2-0:2.0.10-3.el5_5.1.s390x",
          "5Server:gnupg2-0:2.0.10-3.el5_5.1.src",
          "5Server:gnupg2-0:2.0.10-3.el5_5.1.x86_64",
          "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
          "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
          "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
          "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
          "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2547"
        },
        {
          "category": "external",
          "summary": "RHBZ#618156",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618156"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2547"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2547",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2547"
        }
      ],
      "release_date": "2010-07-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:42:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.i386",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.ia64",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.ppc",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.s390x",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.src",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.x86_64",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.i386",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.ia64",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.ppc",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.s390x",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.src",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.x86_64",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0603"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.i386",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.ia64",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.ppc",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.s390x",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.src",
            "5Client:gnupg2-0:2.0.10-3.el5_5.1.x86_64",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
            "5Client:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.i386",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.ia64",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.ppc",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.s390x",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.src",
            "5Server:gnupg2-0:2.0.10-3.el5_5.1.x86_64",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.i386",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ia64",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.ppc",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.s390x",
            "5Server:gnupg2-debuginfo-0:2.0.10-3.el5_5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "2: use-after-free when importing certificate with many alternate names"
    }
  ]
}

gsd-2010-2547

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-2547

Aliases

CVE-2010-2547

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2547",
    "description": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",
    "id": "GSD-2010-2547",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-2547.html",
      "https://www.debian.org/security/2010/dsa-2076",
      "https://access.redhat.com/errata/RHSA-2010:0603",
      "https://linux.oracle.com/cve/CVE-2010-2547.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2547"
      ],
      "details": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",
      "id": "GSD-2010-2547",
      "modified": "2023-12-13T01:21:31.331536Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-2547",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
          },
          {
            "name": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html",
            "refsource": "MISC",
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
          },
          {
            "name": "http://secunia.com/advisories/38877",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38877"
          },
          {
            "name": "http://secunia.com/advisories/40718",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/40718"
          },
          {
            "name": "http://secunia.com/advisories/40841",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/40841"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
          },
          {
            "name": "http://www.debian.org/security/2010/dsa-2076",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2010/dsa-2076"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
          },
          {
            "name": "http://www.securityfocus.com/bid/41945",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/41945"
          },
          {
            "name": "http://www.securitytracker.com/id?1024247",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1024247"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/1931",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/1931"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/1950",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/1950"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/1988",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/1988"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2217",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2217"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/3125",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/3125"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-3229",
            "refsource": "MISC",
            "url": "https://issues.rpath.com/browse/RPL-3229"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9A6E093F-B054-46B5-92A3-B106E784F30E",
                    "versionEndIncluding": "2.0.16",
                    "versionStartIncluding": "2.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un certificado con un gran n\u00famero de Subject Alternate Names, que no es manejado de forma adecuada en una operaci\u00f3n realloc cuando se importa el certificado o se verifica su firma."
          }
        ],
        "evaluatorImpact": "Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\n\n\u0027GnuPG 1.x is NOT affected because it does not come with the GPGSM\ntool.\u0027",
        "id": "CVE-2010-2547",
        "lastModified": "2024-02-02T16:34:14.210",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 4.9,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2010-08-05T18:17:57.243",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/38877"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/40718"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/40841"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2076"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/41945"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securitytracker.com/id?1024247"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1931"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1950"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1988"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2217"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3125"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3229"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

fkie_cve-2010-2547

Vulnerability from fkie_nvd

Published

2010-08-05 18:17

Modified

2025-04-11 00:51

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	Patch, Vendor Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/38877	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/40718	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/40841	Broken Link, Vendor Advisory
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	Broken Link
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	Broken Link
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2076	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	Broken Link
secalert@redhat.com	http://www.securityfocus.com/bid/41945	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securitytracker.com/id?1024247	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1931	Broken Link, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1950	Broken Link, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1988	Broken Link, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2217	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/3125	Broken Link
secalert@redhat.com	https://issues.rpath.com/browse/RPL-3229	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38877	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40718	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40841	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2076	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/41945	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024247	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1931	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1950	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1988	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2217	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3125	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-3229	Broken Link

Impacted products

Vendor	Product	Version
gnupg	gnupg	*
fedoraproject	fedora	13
debian	debian_linux	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6E093F-B054-46B5-92A3-B106E784F30E",
              "versionEndIncluding": "2.0.16",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un certificado con un gran n\u00famero de Subject Alternate Names, que no es manejado de forma adecuada en una operaci\u00f3n realloc cuando se importa el certificado o se verifica su firma."
    }
  ],
  "evaluatorImpact": "Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\n\n\u0027GnuPG 1.x is NOT affected because it does not come with the GPGSM\ntool.\u0027",
  "id": "CVE-2010-2547",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2010-08-05T18:17:57.243",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38877"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40718"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40841"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2076"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/41945"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1024247"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1931"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1950"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1988"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2217"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-3229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/41945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1024247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-3229"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-jjg3-cx5h-88wm

Vulnerability from github

Published

2022-05-17 05:45

Modified

2024-02-02 18:30

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-05T18:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",
  "id": "GHSA-jjg3-cx5h-88wm",
  "modified": "2024-02-02T18:30:22Z",
  "published": "2022-05-17T05:45:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2547"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2010:0603"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2010-2547"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618156"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-3229"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38877"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40718"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40841"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2076"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/41945"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024247"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1931"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1950"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1988"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2217"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3125"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

opensuse-su-2024:10102-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

gpg2-2.1.16-1.1 on GA media

Notes

Title of the patch

gpg2-2.1.16-1.1 on GA media

Description of the patch

These are all security issues fixed in the gpg2-2.1.16-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10102

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "gpg2-2.1.16-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the gpg2-2.1.16-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10102",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10102-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-2547 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-2547/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4351 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4351/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4402 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4402/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-4617 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-4617/"
      }
    ],
    "title": "gpg2-2.1.16-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10102-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.aarch64",
                "product": {
                  "name": "gpg2-2.1.16-1.1.aarch64",
                  "product_id": "gpg2-2.1.16-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.aarch64",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.aarch64",
                  "product_id": "gpg2-lang-2.1.16-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.ppc64le",
                "product": {
                  "name": "gpg2-2.1.16-1.1.ppc64le",
                  "product_id": "gpg2-2.1.16-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.ppc64le",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.ppc64le",
                  "product_id": "gpg2-lang-2.1.16-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.s390x",
                "product": {
                  "name": "gpg2-2.1.16-1.1.s390x",
                  "product_id": "gpg2-2.1.16-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.s390x",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.s390x",
                  "product_id": "gpg2-lang-2.1.16-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.x86_64",
                "product": {
                  "name": "gpg2-2.1.16-1.1.x86_64",
                  "product_id": "gpg2-2.1.16-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.x86_64",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.x86_64",
                  "product_id": "gpg2-lang-2.1.16-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64"
        },
        "product_reference": "gpg2-2.1.16-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le"
        },
        "product_reference": "gpg2-2.1.16-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x"
        },
        "product_reference": "gpg2-2.1.16-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64"
        },
        "product_reference": "gpg2-2.1.16-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2547",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-2547"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-2547",
          "url": "https://www.suse.com/security/cve/CVE-2010-2547"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 625947 for CVE-2010-2547",
          "url": "https://bugzilla.suse.com/625947"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2010-2547"
    },
    {
      "cve": "CVE-2013-4351",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4351"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4351",
          "url": "https://www.suse.com/security/cve/CVE-2013-4351"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 840510 for CVE-2013-4351",
          "url": "https://bugzilla.suse.com/840510"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-4351"
    },
    {
      "cve": "CVE-2013-4402",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4402"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4402",
          "url": "https://www.suse.com/security/cve/CVE-2013-4402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 844175 for CVE-2013-4402",
          "url": "https://bugzilla.suse.com/844175"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 941439 for CVE-2013-4402",
          "url": "https://bugzilla.suse.com/941439"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2013-4402"
    },
    {
      "cve": "CVE-2014-4617",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-4617"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-4617",
          "url": "https://www.suse.com/security/cve/CVE-2014-4617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 884130 for CVE-2014-4617",
          "url": "https://bugzilla.suse.com/884130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962098 for CVE-2014-4617",
          "url": "https://bugzilla.suse.com/962098"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-4617"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-2547 (GCVE-0-2010-2547)

Vulnerability from cvelistv5

rhsa-2010:0603

Vulnerability from csaf_redhat

gsd-2010-2547

Vulnerability from gsd

fkie_cve-2010-2547

Vulnerability from fkie_nvd

ghsa-jjg3-cx5h-88wm

Vulnerability from github

opensuse-su-2024:10102-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature