Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-3082

Published: 19/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Gnupg

Vulnerability Summary

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and previous versions versions, allows remote malicious users to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Vulnerable Product Search on Vulmon Subscribe to Product

gnupg gnupg 1.4.3

gnupg gnupg

Vendor Advisories

Debian CVElist Bug Report Logs: gnupg: CVE-2006-3082: remote denial of service / crash
Debian Bug report logs - #375052 gnupg: CVE-2006-3082: remote denial of service / crash Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@listsaliothdebianorg>; Source for gnupg is src:gnupg2 (PTS, buildd, popcon) Reported by: Alec Berryman <alec@thenednet> Date: Thu, 22 Jun 2006 2 ...
Ubuntu Security Notice: gnupg vulnerability
Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets Specially crafted user IDs caused a buffer overflow By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code ...
Debian Security Advisories: DSA-1107-1 gnupg -- integer overflow
Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string For the old stable distribution (woody) this problem has been fixed in version 106-4woody6 For the stable distribution (sarge) this problem ...

Exploits

Exploit DB: GnuPG 1.4.3/1.9.x - Parse_User_ID Remote Buffer Overflow
source: wwwsecurityfocuscom/bid/18554/info GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, b ...

References

CWE-189http://seclists.org/lists/fulldisclosure/2006/May/0774.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0789.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0782.htmlhttp://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157http://secunia.com/advisories/20783http://secunia.com/advisories/20829http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382http://secunia.com/advisories/20801http://secunia.com/advisories/20811http://www.novell.com/linux/security/advisories/2006_38_security.htmlhttp://www.securityfocus.com/bid/18554http://secunia.com/advisories/20881http://secunia.com/advisories/20899http://www.debian.org/security/2006/dsa-1107http://secunia.com/advisories/20968http://www.redhat.com/support/errata/RHSA-2006-0571.htmlhttp://secunia.com/advisories/21063http://securitytracker.com/id?1016519http://secunia.com/advisories/21143http://www.debian.org/security/2006/dsa-1115http://secunia.com/advisories/21137ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uhttp://secunia.com/advisories/21135http://www.novell.com/linux/security/advisories/2006_18_sr.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-167.htmhttp://secunia.com/advisories/21585http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:110http://www.vupen.com/english/advisories/2006/2450https://exchange.xforce.ibmcloud.com/vulnerabilities/27245https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089https://usn.ubuntu.com/304-1/http://www.securityfocus.com/archive/1/438751/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375052https://usn.ubuntu.com/304-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/28077/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook