Date: Tue, 06 Jan 2015 21:35:29 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request(s): GnuPG 2/GPG2

On 06/01/15 04:42, cve-assign@...re.org wrote:
>
> What is the attack scenario for these double frees? It is not
> immediately clear whether there is a role for an attacker who is not
> the GnuPG user.

Here is the response from Werner:

---
>> Double free in scd/command.c:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471

Could be triggered due to an out of memory condition or a wrong use of a
function. Hard to exploit I guess.

>> Double free in sm/minip12.c:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472

That may happen if iconv_open fails. Memory error or utf-8 not
available. Note that the buffer is allocated in our secure memory and
thus the gcry_free() zeroes the memory. I can't see how this can be
exploited but I am not an expert for this.
---

Hopefully that answers the question,
Thanks,
--
-- Joshua Rogers <https://internot.info/>