CVE-2010-2547 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-2547 Interim 1 33 2025-11-05T05:57:52Z current 2021-05-30T12:52:34Z 2025-11-05T05:57:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-2547 Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KILI6WO4HD4UVXOVYK2U6VA77TI7DFZT/#KILI6WO4HD4UVXOVYK2U6VA77TI7DFZT E-Mail link for SUSE-SR:2010:015 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MOIEDREROIMRGBCEM4AQRCTMZ7TT4MR4/#MOIEDREROIMRGBCEM4AQRCTMZ7TT4MR4 E-Mail link for SUSE-SR:2010:020 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 openSUSE Leap 15.0 openSUSE Tumbleweed dirmngr-2.5.5-160000.2.2 gpg2-2.0.24-1.5 gpg2-2.0.24-3.2 gpg2-2.0.24-8.1 gpg2-2.0.24-9.3.1 gpg2-2.0.24-9.8.1 gpg2-2.0.9-25.26.1 gpg2-2.0.9-25.33.27.1 gpg2-2.0.9-25.33.31.1 gpg2-2.0.9-25.33.39.1 gpg2-2.1.16-1.1 gpg2-2.2.5-2.9 gpg2-2.2.5-4.6.2 gpg2-2.2.5-lp150.2.1 gpg2-2.4.4-1.2 gpg2-2.4.4-slfo.1.1_1.2 gpg2-2.5.5-160000.2.2 gpg2-lang-2.0.24-1.5 gpg2-lang-2.0.24-3.2 gpg2-lang-2.0.24-8.1 gpg2-lang-2.0.24-9.3.1 gpg2-lang-2.0.24-9.8.1 gpg2-lang-2.0.9-25.26.1 gpg2-lang-2.0.9-25.33.27.1 gpg2-lang-2.0.9-25.33.31.1 gpg2-lang-2.0.9-25.33.39.1 gpg2-lang-2.1.16-1.1 gpg2-lang-2.2.5-2.9 gpg2-lang-2.2.5-4.6.2 gpg2-lang-2.2.5-lp150.2.1 gpg2-lang-2.5.5-160000.2.2 gpg2-tpm-2.5.5-160000.2.2 libgcrypt11-1.4.1-6.7 libgcrypt11-32bit-1.4.1-6.7 libgcrypt11-x86-1.4.1-6.7 libgpg-error0-1.6-8.6 libgpg-error0-32bit-1.6-8.6 libgpg-error0-x86-1.6-8.6 libksba-1.0.4-1.16 gpg2-2.0.24-1.5 as a component of SUSE Linux Enterprise Desktop 12 gpg2-lang-2.0.24-1.5 as a component of SUSE Linux Enterprise Desktop 12 gpg2-2.0.24-1.5 as a component of SUSE Linux Enterprise Desktop 12 SP1 gpg2-lang-2.0.24-1.5 as a component of SUSE Linux Enterprise Desktop 12 SP1 gpg2-2.0.24-3.2 as a component of SUSE Linux Enterprise Desktop 12 SP2 gpg2-lang-2.0.24-3.2 as a component of SUSE Linux Enterprise Desktop 12 SP2 gpg2-2.0.24-8.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 gpg2-lang-2.0.24-8.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 gpg2-2.0.24-9.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 gpg2-lang-2.0.24-9.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 gpg2-2.0.24-9.8.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 gpg2-lang-2.0.24-9.8.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 gpg2-2.2.5-2.9 as a component of SUSE Linux Enterprise Module for Basesystem 15 gpg2-lang-2.2.5-2.9 as a component of SUSE Linux Enterprise Module for Basesystem 15 gpg2-2.2.5-4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 gpg2-lang-2.2.5-4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 gpg2-2.0.9-25.26.1 as a component of SUSE Linux Enterprise Server 11 gpg2-lang-2.0.9-25.26.1 as a component of SUSE Linux Enterprise Server 11 libgcrypt11-1.4.1-6.7 as a component of SUSE Linux Enterprise Server 11 libgcrypt11-32bit-1.4.1-6.7 as a component of SUSE Linux Enterprise Server 11 libgcrypt11-x86-1.4.1-6.7 as a component of SUSE Linux Enterprise Server 11 libgpg-error0-1.6-8.6 as a component of SUSE Linux Enterprise Server 11 libgpg-error0-32bit-1.6-8.6 as a component of SUSE Linux Enterprise Server 11 libgpg-error0-x86-1.6-8.6 as a component of SUSE Linux Enterprise Server 11 libksba-1.0.4-1.16 as a component of SUSE Linux Enterprise Server 11 gpg2-2.0.9-25.26.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA gpg2-lang-2.0.9-25.26.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA gpg2-2.0.9-25.33.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 gpg2-lang-2.0.9-25.33.27.1 as a component of SUSE Linux Enterprise Server 11 SP2 gpg2-2.0.9-25.33.31.1 as a component of SUSE Linux Enterprise Server 11 SP3 gpg2-lang-2.0.9-25.33.31.1 as a component of SUSE Linux Enterprise Server 11 SP3 gpg2-2.0.9-25.33.39.1 as a component of SUSE Linux Enterprise Server 11 SP4 gpg2-lang-2.0.9-25.33.39.1 as a component of SUSE Linux Enterprise Server 11 SP4 gpg2-2.0.24-1.5 as a component of SUSE Linux Enterprise Server 12 gpg2-lang-2.0.24-1.5 as a component of SUSE Linux Enterprise Server 12 gpg2-2.0.24-1.5 as a component of SUSE Linux Enterprise Server 12 SP1 gpg2-lang-2.0.24-1.5 as a component of SUSE Linux Enterprise Server 12 SP1 gpg2-2.0.24-3.2 as a component of SUSE Linux Enterprise Server 12 SP2 gpg2-lang-2.0.24-3.2 as a component of SUSE Linux Enterprise Server 12 SP2 gpg2-2.0.24-8.1 as a component of SUSE Linux Enterprise Server 12 SP3 gpg2-lang-2.0.24-8.1 as a component of SUSE Linux Enterprise Server 12 SP3 gpg2-2.0.24-9.3.1 as a component of SUSE Linux Enterprise Server 12 SP4 gpg2-lang-2.0.24-9.3.1 as a component of SUSE Linux Enterprise Server 12 SP4 gpg2-2.0.24-9.8.1 as a component of SUSE Linux Enterprise Server 12 SP5 gpg2-lang-2.0.24-9.8.1 as a component of SUSE Linux Enterprise Server 12 SP5 dirmngr-2.5.5-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 gpg2-2.5.5-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 gpg2-lang-2.5.5-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 gpg2-tpm-2.5.5-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 gpg2-2.0.24-3.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 gpg2-lang-2.0.24-3.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 gpg2-2.0.9-25.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 gpg2-lang-2.0.9-25.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgcrypt11-1.4.1-6.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgcrypt11-32bit-1.4.1-6.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgcrypt11-x86-1.4.1-6.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgpg-error0-1.6-8.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgpg-error0-32bit-1.6-8.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgpg-error0-x86-1.6-8.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libksba-1.0.4-1.16 as a component of SUSE Linux Enterprise Server for SAP Applications 11 gpg2-2.0.24-9.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 gpg2-lang-2.0.24-9.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 gpg2-2.4.4-1.2 as a component of SUSE Linux Micro 6.0 gpg2-2.4.4-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 gpg2-2.2.5-lp150.2.1 as a component of openSUSE Leap 15.0 gpg2-lang-2.2.5-lp150.2.1 as a component of openSUSE Leap 15.0 gpg2-2.1.16-1.1 as a component of openSUSE Tumbleweed gpg2-lang-2.1.16-1.1 as a component of openSUSE Tumbleweed Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. CVE-2010-2547 SUSE Linux Enterprise Desktop 12:gpg2-2.0.24-1.5 SUSE Linux Enterprise Desktop 12:gpg2-lang-2.0.24-1.5 SUSE Linux Enterprise Desktop 12 SP1:gpg2-2.0.24-1.5 SUSE Linux Enterprise Desktop 12 SP1:gpg2-lang-2.0.24-1.5 SUSE Linux Enterprise Desktop 12 SP2:gpg2-2.0.24-3.2 SUSE Linux Enterprise Desktop 12 SP2:gpg2-lang-2.0.24-3.2 SUSE Linux Enterprise Desktop 12 SP3:gpg2-2.0.24-8.1 SUSE Linux Enterprise Desktop 12 SP3:gpg2-lang-2.0.24-8.1 SUSE Linux Enterprise Desktop 12 SP4:gpg2-2.0.24-9.3.1 SUSE Linux Enterprise Desktop 12 SP4:gpg2-lang-2.0.24-9.3.1 SUSE Linux Enterprise High Performance Computing 12 SP5:gpg2-2.0.24-9.8.1 SUSE Linux Enterprise High Performance Computing 12 SP5:gpg2-lang-2.0.24-9.8.1 SUSE Linux Enterprise Module for Basesystem 15:gpg2-2.2.5-2.9 SUSE Linux Enterprise Module for Basesystem 15:gpg2-lang-2.2.5-2.9 SUSE Linux Enterprise Module for Basesystem 15 SP1:gpg2-2.2.5-4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:gpg2-lang-2.2.5-4.6.2 SUSE Linux Enterprise Server 11:gpg2-2.0.9-25.26.1 SUSE Linux Enterprise Server 11:gpg2-lang-2.0.9-25.26.1 SUSE Linux Enterprise Server 11:libgcrypt11-1.4.1-6.7 SUSE Linux Enterprise Server 11:libgcrypt11-32bit-1.4.1-6.7 SUSE Linux Enterprise Server 11:libgcrypt11-x86-1.4.1-6.7 SUSE Linux Enterprise Server 11:libgpg-error0-1.6-8.6 SUSE Linux Enterprise Server 11:libgpg-error0-32bit-1.6-8.6 SUSE Linux Enterprise Server 11:libgpg-error0-x86-1.6-8.6 SUSE Linux Enterprise Server 11:libksba-1.0.4-1.16 SUSE Linux Enterprise Server 11 SP1-TERADATA:gpg2-2.0.9-25.26.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:gpg2-lang-2.0.9-25.26.1 SUSE Linux Enterprise Server 11 SP2:gpg2-2.0.9-25.33.27.1 SUSE Linux Enterprise Server 11 SP2:gpg2-lang-2.0.9-25.33.27.1 SUSE Linux Enterprise Server 11 SP3:gpg2-2.0.9-25.33.31.1 SUSE Linux Enterprise Server 11 SP3:gpg2-lang-2.0.9-25.33.31.1 SUSE Linux Enterprise Server 11 SP4:gpg2-2.0.9-25.33.39.1 SUSE Linux Enterprise Server 11 SP4:gpg2-lang-2.0.9-25.33.39.1 SUSE Linux Enterprise Server 12:gpg2-2.0.24-1.5 SUSE Linux Enterprise Server 12:gpg2-lang-2.0.24-1.5 SUSE Linux Enterprise Server 12 SP1:gpg2-2.0.24-1.5 SUSE Linux Enterprise Server 12 SP1:gpg2-lang-2.0.24-1.5 SUSE Linux Enterprise Server 12 SP2:gpg2-2.0.24-3.2 SUSE Linux Enterprise Server 12 SP2:gpg2-lang-2.0.24-3.2 SUSE Linux Enterprise Server 12 SP3:gpg2-2.0.24-8.1 SUSE Linux Enterprise Server 12 SP3:gpg2-lang-2.0.24-8.1 SUSE Linux Enterprise Server 12 SP4:gpg2-2.0.24-9.3.1 SUSE Linux Enterprise Server 12 SP4:gpg2-lang-2.0.24-9.3.1 SUSE Linux Enterprise Server 12 SP5:gpg2-2.0.24-9.8.1 SUSE Linux Enterprise Server 12 SP5:gpg2-lang-2.0.24-9.8.1 SUSE Linux Enterprise Server 16.0:dirmngr-2.5.5-160000.2.2 SUSE Linux Enterprise Server 16.0:gpg2-2.5.5-160000.2.2 SUSE Linux Enterprise Server 16.0:gpg2-lang-2.5.5-160000.2.2 SUSE Linux Enterprise Server 16.0:gpg2-tpm-2.5.5-160000.2.2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gpg2-2.0.24-3.2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gpg2-lang-2.0.24-3.2 SUSE Linux Enterprise Server for SAP Applications 11:gpg2-2.0.9-25.26.1 SUSE Linux Enterprise Server for SAP Applications 11:gpg2-lang-2.0.9-25.26.1 SUSE Linux Enterprise Server for SAP Applications 11:libgcrypt11-1.4.1-6.7 SUSE Linux Enterprise Server for SAP Applications 11:libgcrypt11-32bit-1.4.1-6.7 SUSE Linux Enterprise Server for SAP Applications 11:libgcrypt11-x86-1.4.1-6.7 SUSE Linux Enterprise Server for SAP Applications 11:libgpg-error0-1.6-8.6 SUSE Linux Enterprise Server for SAP Applications 11:libgpg-error0-32bit-1.6-8.6 SUSE Linux Enterprise Server for SAP Applications 11:libgpg-error0-x86-1.6-8.6 SUSE Linux Enterprise Server for SAP Applications 11:libksba-1.0.4-1.16 SUSE Linux Enterprise Server for SAP Applications 12 SP5:gpg2-2.0.24-9.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:gpg2-lang-2.0.24-9.8.1 SUSE Linux Micro 6.0:gpg2-2.4.4-1.2 SUSE Linux Micro 6.1:gpg2-2.4.4-slfo.1.1_1.2 openSUSE Leap 15.0:gpg2-2.2.5-lp150.2.1 openSUSE Leap 15.0:gpg2-lang-2.2.5-lp150.2.1 openSUSE Tumbleweed:gpg2-2.1.16-1.1 openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H