CVE-2010-2547 – 2: use-after-free when importing certificate with many alternate names
https://notcve.org/view.php?id=CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. Vulnerabilidad de uso después de la liberación (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegación de servicio (caída del sistema) y posiblemente ejecutar código de su elección mediante un certificado con un gran número de Subject Alternate Names, que no es manejado de forma adecuada en una operación realloc cuando se importa el certificado o se verifica su firma. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://secunia.com/advisories/38877 http://secunia.com/advisories/40718 http://secunia.com/advisories/40841 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076 http://www.debi • CWE-416: Use After Free •
CVE-2008-1530
https://notcve.org/view.php?id=CVE-2008-1530
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." GnuPG (gpg) 1.4.8 y 2.0.8 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de claves duplicadas manipuladas que son importadas de un servidor de claves, lo cual dispara "corrupción de memoria en torno a la duplicación de identificadores de usuario". • http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html http://secunia.com/advisories/29568 http://www.ocert.org/advisories/ocert-2008-1.html http://www.securityfocus.com/bid/28487 http://www.vupen.com/english/advisories/2008/1056/references https://bugs.g10code.com/gnupg/issue894 https://bugs.gentoo.org/show_bug.cgi?id=214990 https://exchange.xforce.ibmcloud.com/vulnerabilities/41547 • CWE-399: Resource Management Errors •
CVE-2007-1263 – GnuPG 1.x - Signed Message Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1263
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. GnuPG 1.4.6 y anteriores y GPGME anterior a 1.1.4, al ser ejecutado desde la línea de comandos, no distingue visualmente trozos firmados de no firmados en mensajes OpenPGP con múltiples componentes, lo cual podría permitir a atacantes remotos falsificar el contenido de un mensaje sin ser detectado. • https://www.exploit-db.com/exploits/29689 ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2775 http://fedoranews.org/cms/node/2776 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html http://secunia.com/advisories/24365 http://secunia.com/advisories/24407 http://secunia.com/advisories/24419 http://secunia.com/advisories/24420 http •
CVE-2006-6169 – : gnupg2 < 2.0.1 buffer overflow
https://notcve.org/view.php?id=CVE-2006-6169
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. Desbordamiento de búfer basado en montículo en la función ask_outfile_name en el openfile.c para GnuPG (gpg) 1.4 y 2.0, cuando se está ejecutando interactivamente, podría permitir a atacantes remotos ejecutar código de su elección mediante mensajes con expansiones "C-escape", que provocan que la función make_printable_string devuelva una cadena más larga de lo esperado mientras construye un aviso. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23094 http://secunia.com/advisories/23110 http://secunia.com/advisories/23146 http://secunia.com/advisories/23161 http://secunia.com/advisories/23171 http://secunia.com/advisories/23250 http://secunia.com/advisories/23269 http://secunia. •
CVE-2006-3746 – GnuPG 1.4/1.9 - Parse_Comment Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3746
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. Desbordamiento de búfer de enteros en parse_comment en GnuPG (gpg) 1.4.4 permite a atacantes remotos provocar denegación de servicio (fallo de segmentación) a través de un mensaje manipulado. • https://www.exploit-db.com/exploits/28257 ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204%3Bmsg=15%3Batt=1 http://issues.rpath.com/browse/RPL-560 http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html http://lwn.net/Alerts/194228 http://secunia.com/advisories/21297 http://secunia.com/advisories/21300 http://secunia.com/advisories/21306 http://secunia.c •