Date: Tue, 06 Jan 2015 21:35:29 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request(s): GnuPG 2/GPG2

On 06/01/15 04:42, cve-assign@...re.org wrote:
>
> What is the attack scenario for these double frees? It is not
> immediately clear whether there is a role for an attacker who is not
> the GnuPG user.

Here is the response from Werner:

---
>> Double free in scd/command.c:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471

Could be triggered due to an out of memory condition or a wrong use of a
function. Hard to exploit I guess.

>> Double free in sm/minip12.c:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472

That may happen if iconv_open fails. Memory error or utf-8 not
available. Note that the buffer is allocated in our secure memory and
thus the gcry_free() zeroes the memory. I can't see how this can be
exploited but I am not an expert for this.
---

Hopefully that answers the question,
Thanks,
--
-- Joshua Rogers <https://internot.info/>