CVE-2014-3564
Mandriva Linux Security Advisory 2014-160
4 Public Exploits
0 Exploited in Wild
Descriptions
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.
Timeline
- 2014-05-14 CVE Reserved
- 2014-08-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer