Heap-Based Buffer Overflow Vulnerability in GPGME by GnuPG
CVE-2014-3564
Currently unrated
Summary
Multiple heap-based buffer overflows exist in the status_handler function found in engine-gpgsm.c and engine-uiserver.c of GPGME prior to version 1.5.1. These vulnerabilities may allow remote attackers to create situations that lead to a denial of service or potentially execute arbitrary code. The exploitation involves manipulating line lengths in a specific order, making it critical to patch systems that utilize affected versions of GPGME to avert possible attacks.
References
Timeline
Vulnerability published
Vulnerability Reserved