CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
gnupggnupg
2.0.0 ≤
𝑥
≤ 2.0.16
debiandebian_linux
5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnupg2
bookworm
2.2.40-1.1
fixed
bullseye
2.2.27-2+deb11u2
fixed
bullseye (security)
2.2.27-2+deb11u2
fixed
sid
2.2.45-2
fixed
trixie
2.2.44-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg2
dapper
ignored
hardy
Fixed 2.0.7-1ubuntu0.1
released
jaunty
Fixed 2.0.9-3.1ubuntu0.1
released
karmic
Fixed 2.0.12-0ubuntu2.1
released
lucid
Fixed 2.0.14-1ubuntu1.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gpg2
suse enterprise desktop 15
2.2.5-2.9
fixed
suse enterprise desktop 15 SP1
2.2.5-4.6.2
fixed
suse enterprise sap 12 SP5
2.0.24-9.8.1
fixed
suse enterprise sap 15
2.2.5-2.9
fixed
suse enterprise sap 15 SP1
2.2.5-4.6.2
fixed
suse enterprise server 12
2.0.24-1.5
fixed
suse enterprise server 12 SP1
2.0.24-1.5
fixed
suse enterprise server 12 SP2
2.0.24-3.2
fixed
suse enterprise server 12 SP5
2.0.24-9.8.1
fixed
suse enterprise server 15
2.2.5-2.9
fixed
suse enterprise server 15 SP1
2.2.5-4.6.2
fixed
gpg2-lang
suse enterprise desktop 15
2.2.5-2.9
fixed
suse enterprise desktop 15 SP1
2.2.5-4.6.2
fixed
suse enterprise sap 12 SP5
2.0.24-9.8.1
fixed
suse enterprise sap 15
2.2.5-2.9
fixed
suse enterprise sap 15 SP1
2.2.5-4.6.2
fixed
suse enterprise server 12
2.0.24-1.5
fixed
suse enterprise server 12 SP1
2.0.24-1.5
fixed
suse enterprise server 12 SP2
2.0.24-3.2
fixed
suse enterprise server 12 SP5
2.0.24-9.8.1
fixed
suse enterprise server 15
2.2.5-2.9
fixed
suse enterprise server 15 SP1
2.2.5-4.6.2
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html
http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
http://secunia.com/advisories/38877
http://secunia.com/advisories/40718
http://secunia.com/advisories/40841
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
http://www.debian.org/security/2010/dsa-2076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:143
http://www.securityfocus.com/bid/41945
http://www.securitytracker.com/id?1024247
http://www.vupen.com/english/advisories/2010/1931
http://www.vupen.com/english/advisories/2010/1950
http://www.vupen.com/english/advisories/2010/1988
http://www.vupen.com/english/advisories/2010/2217
http://www.vupen.com/english/advisories/2010/3125
https://issues.rpath.com/browse/RPL-3229
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html
http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
http://secunia.com/advisories/38877
http://secunia.com/advisories/40718
http://secunia.com/advisories/40841
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
http://www.debian.org/security/2010/dsa-2076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:143
http://www.securityfocus.com/bid/41945
http://www.securitytracker.com/id?1024247
http://www.vupen.com/english/advisories/2010/1931
http://www.vupen.com/english/advisories/2010/1950
http://www.vupen.com/english/advisories/2010/1988
http://www.vupen.com/english/advisories/2010/2217
http://www.vupen.com/english/advisories/2010/3125
https://issues.rpath.com/browse/RPL-3229