Category:   Application (Security)  >   GnuPG (Gnu Privacy Guard) Vendors:
GnuPG Memory Corruption Flaws Have Unspecified Impact
SecurityTracker Alert ID:  1031876
SecurityTracker URL:
CVE Reference:   CVE-2015-1606, CVE-2015-1607
Date:  Mar 10 2015
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.1.2
Description:   Two vulnerabilities were reported in GnuPG. The impact was not specified.

A remote user can trigger a use-after-free memory error in 'build-packet.c' [CVE-2015-1606].

A remote user can trigger a bit shifting memory copy error in 'keybox_search.c' [CVE-2015-1607].

The original advisory is available at:

Hanno Böck reported these vulnerabilities.

Impact:   The impact was not specified.
Solution:   The vendor has issued a fix (2.1.2).
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [oss-security] Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)


A build-packet.c report says "Use after free" but the listed commit
is for an invalid memory read that was fixed in two other .c files.

The keybox_search.c report says "memcpy with overlapping ranges" but
the listed commit apparently fixes "sign extension on shift" issues.

We suspect that what you mean is that the commits are directly
applicable as listed, and the difference is that your report states
the ultimate impact found by afl-fuzz, and your report isn't intended
to directly show how that ultimate impact results from the code

With this interpretation:

  CVE-2015-1606 - Use after free, resulting from failure to skip
                  invalid packets

  CVE-2015-1607 - memcpy with overlapping ranges, resulting from
                  incorrect bitwise left shifts

There's currently no information suggesting that the NULL pointer
dereference issues could have a security impact; they currently do not
have CVE IDs.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]

