Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can force the usage of a freed memory area of GnuPG,
in order to trigger a denial of service, and possibly to execute
code.

Impacted products: GnuPG

Severity: 2/4

Creation date: 02/01/2015

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in GnuPG.

An attacker can force the usage of a freed memory area in
cmd_readkey, in order to trigger a denial of service, and possibly
to execute code. [severity:2/4; 773471]

An attacker can force the usage of a freed memory area in
p12_build, in order to trigger a denial of service, and possibly
to execute code. [severity:2/4; 773472]

An attacker can force the usage of a freed memory area in
parse_keyserver_line, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4; 773473]

An attacker can force the usage of a freed memory area in
ldapserver_parse_one, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4; 773523]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/GnuPG-use-after-free-15895