oss-sec mailing list archives

CVE request: GnuPG 2

From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 23 Jul 2010 21:02:37 +0200

GnuPG 2.0 before version 2.0.17 reuses a freed pointer when verifying
a signature or importing a certificate with many Subject Alternate
Names, possibly allowing context-dependent attacks to execute
arbitrary code.

<http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html>

Current thread:

CVE request: GnuPG 2 Florian Weimer (Jul 23)
- Re: CVE request: GnuPG 2 Josh Bressers (Jul 26)