FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3564

This CVE name corresponds to:

Entered Topic
2014-08-02 gpgme -- heap-based buffer overflow in gpgsm status handler

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3564 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3564
Phase Assigned(20140514)

Description

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

References

Source Reference
MLIST [oss-security] 20140731 CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler
CONFIRM http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1113267
DEBIAN DSA-3005
BID 68990
OSVDB 109699

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.