Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 06 Jan 2015 21:35:29 +1100
From: Joshua Rogers <>
Subject: Re: CVE Request(s): GnuPG 2/GPG2

On 06/01/15 04:42, wrote:
> What is the attack scenario for these double frees?  It is not
> immediately clear whether there is a role for an attacker who is not
> the GnuPG user.
Here is the response from Werner:


>> Double free in scd/command.c:

Could be triggered due to an out of memory condition or a wrong use of a
functions.  Hard to exploit I guess.

>> Double free in sm/minip12.c:

That may happen if iconv_open fails.  Memory error or utf-8 not
available.  Note that the buffer is allocated in out secure memory and
thus the gcry_free() zeroes the memory.  I can't see how this can be
exploted but I am not an expert for this.

Hopefully that answers the question,

-- Joshua Rogers <>

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.