Home

CVE-2010-2547

Description

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
15.103

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in GnuPG for windows 2.0Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.8Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.1Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.10Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.11Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.12Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.13Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.14Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.15Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.16Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.3Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.4Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.5Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.6Windows
Multiple Vulnerabilities are affected in GnuPG for windows 2.0.7Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234