CVE-2010-2547

{"id": "CVE-2010-2547", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2010-08-05T18:17:57.243", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/38877", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40718", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40841", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2010/dsa-2076", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/41945", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1024247", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1931", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1950", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1988", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2217", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3125", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-3229", "tags": ["Broken Link"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un certificado con un gran n\u00famero de Subject Alternate Names, que no es manejado de forma adecuada en una operaci\u00f3n realloc cuando se importa el certificado o se verifica su firma."}], "lastModified": "2024-02-02T16:34:14.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A6E093F-B054-46B5-92A3-B106E784F30E", "versionEndIncluding": "2.0.16", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\n\n'GnuPG 1.x is NOT affected because it does not come with the GPGSM\ntool.'", "sourceIdentifier": "secalert@redhat.com"}