CVE-2014-3564
20.10.2014, 17:55
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | gpgme | 𝑥 ≤ 1.5.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 6.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gpgme |
| ||||||||||||||||||||||||||
| libgpgme-devel |
| ||||||||||||||||||||||||||
| libgpgme11 |
| ||||||||||||||||||||||||||
| libgpgmepp-devel |
| ||||||||||||||||||||||||||
| libgpgmepp6 |
| ||||||||||||||||||||||||||
| libqgpgme-devel |
| ||||||||||||||||||||||||||
| libqgpgme7 |
|
Common Weakness Enumeration
References