High severity8.1NVD Advisory· Published Aug 5, 2010· Updated Apr 29, 2026
CVE-2010-2547
CVE-2010-2547
Description
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Affected products
3- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.htmlnvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.htmlnvdMailing ListThird Party Advisory
- secunia.com/advisories/38877nvdBroken LinkVendor Advisory
- secunia.com/advisories/40718nvdBroken LinkVendor Advisory
- secunia.com/advisories/40841nvdBroken LinkVendor Advisory
- www.debian.org/security/2010/dsa-2076nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/41945nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2010/1931nvdBroken LinkVendor Advisory
- www.vupen.com/english/advisories/2010/1950nvdBroken LinkVendor Advisory
- www.vupen.com/english/advisories/2010/1988nvdBroken LinkVendor Advisory
- slackware.com/security/viewer.phpnvdBroken Link
- wiki.rpath.com/wiki/Advisories:rPSA-2010-0076nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.vupen.com/english/advisories/2010/2217nvdBroken Link
- www.vupen.com/english/advisories/2010/3125nvdBroken Link
- issues.rpath.com/browse/RPL-3229nvdBroken Link
News mentions
0No linked articles in our index yet.