Note:
This project will be discontinued after December 13, 2021. [more]
2019-11-20
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
| Products | Debian_linux, Gnupg |
| Type | Use After Free (CWE-416) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.openwall.com/lists/oss-security/2015/02/13/14
• http://www.debian.org/security/2015/dsa-3184 • http://www.securitytracker.com/id/1031876 • https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html • http://www.openwall.com/lists/oss-security/2015/02/14/6 |