製品・ソフトウェアに関する情報

JVN脆弱性詳細

GnuPG の kbx/keybox-blob.c における任意のコードを実行される脆弱性

Title	GnuPG の kbx/keybox-blob.c における任意のコードを実行される脆弱性
Summary	GnuPG の GPGSM 内にある kbx/keybox-blob.c には、Subject Alternative Names に関する処理に不備があり、証明書のインポートおよび署名の検証の際、realloc 操作を適切に行わないため、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、多数の Subject Alternate Names を介して、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 23, 2010, midnight
Registration Date	Aug. 30, 2010, 7:01 p.m.
Last Update	Aug. 30, 2010, 7:01 p.m.

CVSS2.0 : 警告
Score	5.1
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

GNU Project

GnuPG 2.0.16 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2547	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547
National Vulnerability Database (NVD)
2	CVE-2010-2547	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2547

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
GNU Privacy Guard
1	Top Page	http://www.gnupg.org/
Red Hat Security Advisory
2	RHSA-2010:0603	https://rhn.redhat.com/errata/RHSA-2010-0603.html

その他

No	Name	URL
Secunia Advisory
1	SA38877	http://secunia.com/advisories/38877
SecurityFocus
2	41945	http://www.securityfocus.com/bid/41945
SecurityTracker
3	1024247	http://www.securitytracker.com/id?1024247
VUPEN Security
4	VUPEN/ADV-2010-1910	http://www.vupen.com/english/advisories/2010/1910

Change Log

No	Changed Details	Date of change
0	[2010年08月30日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-2547

Summary	Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Publication Date	Aug. 6, 2010, 3:17 a.m.
Registration Date	Jan. 29, 2021, 11:03 a.m.
Last Update	Nov. 21, 2024, 10:16 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gnupg:gnupg::::::::		2.0.0	2.0.16

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:13:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:5.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	Mailing List Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	Mailing List Third Party Advisory
3	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	Patch Vendor Advisory
4	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	Patch Vendor Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	Mailing List Third Party Advisory
7	http://secunia.com/advisories/38877	Broken Link Vendor Advisory
8	http://secunia.com/advisories/38877	Broken Link Vendor Advisory
9	http://secunia.com/advisories/40718	Broken Link Vendor Advisory
10	http://secunia.com/advisories/40718	Broken Link Vendor Advisory
11	http://secunia.com/advisories/40841	Broken Link Vendor Advisory
12	http://secunia.com/advisories/40841	Broken Link Vendor Advisory
13	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	Broken Link
14	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	Broken Link
15	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	Broken Link
16	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	Broken Link
17	http://www.debian.org/security/2010/dsa-2076	Mailing List Third Party Advisory
18	http://www.debian.org/security/2010/dsa-2076	Mailing List Third Party Advisory
19	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	Broken Link
20	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	Broken Link
21	http://www.securityfocus.com/bid/41945	Broken Link Third Party Advisory VDB Entry
22	http://www.securityfocus.com/bid/41945	Broken Link Third Party Advisory VDB Entry
23	http://www.securitytracker.com/id?1024247	Broken Link Third Party Advisory VDB Entry
24	http://www.securitytracker.com/id?1024247	Broken Link Third Party Advisory VDB Entry
25	http://www.vupen.com/english/advisories/2010/1931	Broken Link Vendor Advisory
26	http://www.vupen.com/english/advisories/2010/1931	Broken Link Vendor Advisory
27	http://www.vupen.com/english/advisories/2010/1950	Broken Link Vendor Advisory
28	http://www.vupen.com/english/advisories/2010/1950	Broken Link Vendor Advisory
29	http://www.vupen.com/english/advisories/2010/1988	Broken Link Vendor Advisory
30	http://www.vupen.com/english/advisories/2010/1988	Broken Link Vendor Advisory
31	http://www.vupen.com/english/advisories/2010/2217	Broken Link
32	http://www.vupen.com/english/advisories/2010/2217	Broken Link
33	http://www.vupen.com/english/advisories/2010/3125	Broken Link
34	http://www.vupen.com/english/advisories/2010/3125	Broken Link
35	https://issues.rpath.com/browse/RPL-3229	Broken Link
36	https://issues.rpath.com/browse/RPL-3229	Broken Link

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html