Heap-Based Buffer Overflow Vulnerability in GPGME by GnuPG
CVE-2014-3564

Currently unrated

Key Information:

Vendor: Gnu
Status: Gpgme; Debian Linux; Ubuntu Linux
Vendor: CVE Published:; 20 October 2014

Summary

Multiple heap-based buffer overflows exist in the status_handler function found in engine-gpgsm.c and engine-uiserver.c of GPGME prior to version 1.5.1. These vulnerabilities may allow remote attackers to create situations that lead to a denial of service or potentially execute arbitrary code. The exploitation involves manipulating line lengths in a specific order, making it critical to patch systems that utilize affected versions of GPGME to avert possible attacks.

References

http://www.osvdb.org/109699

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/68990

vdb-entryx_refsource_BID

http://www.debian.org/security/2014/dsa-3005

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Oct 20, 2014
Vulnerability Reserved
May 14, 2014