Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-3082

Published: 19/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and previous versions versions, allows remote malicious users to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Vulnerable Product Search on Vulmon Subscribe to Product

gnupg gnupg 1.4.3

gnupg gnupg

Vendor Advisories

Ubuntu Security Notice: gnupg vulnerability
Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets Specially crafted user IDs caused a buffer overflow By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code ...
Debian CVElist Bug Report Logs: gnupg: CVE-2006-3082: remote denial of service / crash
Debian Bug report logs - #375052 gnupg: CVE-2006-3082: remote denial of service / crash Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@listsaliothdebianorg>; Source for gnupg is src:gnupg2 (PTS, buildd, popcon) Reported by: Alec Berryman <alec@thenednet> Date: Thu, 22 Jun 2006 2 ...
Debian Security Advisories: DSA-1107-1 gnupg -- integer overflow
Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string For the old stable distribution (woody) this problem has been fixed in version 106-4woody6 For the stable distribution (sarge) this problem ...

Exploits

Exploit DB: GnuPG 1.4.3/1.9.x - Parse_User_ID Remote Buffer Overflow
source: wwwsecurityfocuscom/bid/18554/info GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, b ...

References

CWE-189http://seclists.org/lists/fulldisclosure/2006/May/0774.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0789.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0782.htmlhttp://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157http://secunia.com/advisories/20783http://secunia.com/advisories/20829http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382http://secunia.com/advisories/20801http://secunia.com/advisories/20811http://www.novell.com/linux/security/advisories/2006_38_security.htmlhttp://www.securityfocus.com/bid/18554http://secunia.com/advisories/20881http://secunia.com/advisories/20899http://www.debian.org/security/2006/dsa-1107http://secunia.com/advisories/20968http://www.redhat.com/support/errata/RHSA-2006-0571.htmlhttp://secunia.com/advisories/21063http://securitytracker.com/id?1016519http://secunia.com/advisories/21143http://www.debian.org/security/2006/dsa-1115http://secunia.com/advisories/21137ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uhttp://secunia.com/advisories/21135http://www.novell.com/linux/security/advisories/2006_18_sr.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-167.htmhttp://secunia.com/advisories/21585http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:110http://www.vupen.com/english/advisories/2006/2450https://exchange.xforce.ibmcloud.com/vulnerabilities/27245https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089https://usn.ubuntu.com/304-1/http://www.securityfocus.com/archive/1/438751/100/0/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/304-1/https://www.exploit-db.com/exploits/28077/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103CVE-2024-36279CVE-2024-38457elevation of privilegeCVE-2024-27801CVE-2024-30103NULL pointer dereferenceCVE-2024-6057XML injection
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook