{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-14T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "109699", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/109699"}, {"name": "68990", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68990"}, {"name": "DSA-3005", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3005"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113267"}, {"name": "[oss-security] 20140731 CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q3/266"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.645Z"}, "title": "CVE Program Container", "references": [{"name": "109699", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/109699"}, {"name": "68990", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68990"}, {"name": "DSA-3005", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3005"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113267"}, {"name": "[oss-security] 20140731 CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q3/266"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3564", "datePublished": "2014-10-20T17:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gpgme:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D7C5000-AFB7-4370-ADE9-FC9A141F52A5", "versionEndIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\""}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer basado en memoria din\u00e1mica en la funci\u00f3n status_handler en (1) engine-gpgsm.c y (2) engine-uiserver.c en GPGME anterior a 1.5.1 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con 'longitudes de l\u00ednea diferentes en un orden especifico.'"}], "id": "CVE-2014-3564", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-20T17:55:05.383", "references": [{"source": "secalert@redhat.com", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2014/q3/266"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3005"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/109699"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/68990"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q3/266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/109699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113267"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Tom\u00e1\u0161 Trnka for reporting this issue.", "bugzilla": {"description": "gpgme: heap-based buffer overflow in gpgsm status handler", "id": "1113267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113267"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122", "details": ["Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\""], "name": "CVE-2014-3564", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gpgme", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gpgme", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3564\nhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}