CVE-2014-3564

Currently unrated

Key Information:

Vendor: Gnu
Status: Gpgme; Debian Linux; Ubuntu Linux
Vendor: CVE Published:; 20 October 2014

Summary

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

References

http://www.osvdb.org/109699

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/68990

vdb-entryx_refsource_BID

http://www.debian.org/security/2014/dsa-3005

vendor-advisoryx_refsource_DEBIAN

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2014
Vulnerability Reserved
May 14, 2014