Vulnerabilities > Gnupg > High

DATE CVE VULNERABILITY TITLE RISK
2016-06-13 CVE-2016-4579 Improper Input Validation vulnerability in multiple products
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
network
low complexity
gnupg opensuse canonical CWE-20
7.5
2016-06-13 CVE-2016-4574 Numeric Errors vulnerability in multiple products
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data.
network
low complexity
gnupg canonical opensuse CWE-189
7.5
2016-06-13 CVE-2016-4356 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
network
low complexity
gnupg canonical CWE-119
7.5
2016-06-13 CVE-2016-4355 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
network
low complexity
gnupg canonical CWE-119
7.5
2016-06-13 CVE-2016-4354 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
network
low complexity
canonical gnupg CWE-119
7.5
2016-06-13 CVE-2016-4353 Improper Input Validation vulnerability in multiple products
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.
network
low complexity
gnupg canonical CWE-20
7.5
2010-08-05 CVE-2010-2547 Use After Free vulnerability in multiple products
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
network
high complexity
gnupg fedoraproject debian CWE-416
8.1