oss-sec mailing list archives

Re: CVE Request(s): GnuPG 2/GPG2

From: cve-assign () mitre org
Date: Mon, 5 Jan 2015 12:42:41 -0500 (EST)


On Tue, 30 Dec 2014, Joshua Rogers wrote:

I found multiple vulnerabilities in GPG2.
Could some CVE-ID(s) be assigned please.
Patches were provided by multiple people.

--
Double free in scd/command.c:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471

Double free in sm/minip12.c:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472

What is the attack scenario for these double frees? It is not immediatelyclear whether there is a role for an attacker who is not the GnuPG user.


---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

Re: CVE Request(s): GnuPG 2/GPG2 cve-assign (Jan 05)
- Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Jan 06)
- <Possible follow-ups>
- Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff (Jan 05)