Vulnerabilities > Gnupg > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-13 | CVE-2016-4579 | Improper Input Validation vulnerability in multiple products Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | 7.5 |
2016-06-13 | CVE-2016-4574 | Numeric Errors vulnerability in multiple products Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. | 7.5 |
2016-06-13 | CVE-2016-4356 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. | 7.5 |
2016-06-13 | CVE-2016-4355 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 7.5 |
2016-06-13 | CVE-2016-4354 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 7.5 |
2016-06-13 | CVE-2016-4353 | Improper Input Validation vulnerability in multiple products ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | 7.5 |
2010-08-05 | CVE-2010-2547 | Use After Free vulnerability in multiple products Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. | 8.1 |