CVE-2006-3082

2006-06-19 20:02:00 2018-10-18 18:45:31

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

GnuPG (Privacy Guard) 1.9.20 GnuPG (Privacy Guard) 1.4.3

Gnupg - Gnupg

Advisory	Patch	Confirmed	Link
			gnupg-parsepacket-bo(27245)
			USN-304-1
			ADV-2006-2450
			18554
			20060629 rPSA-2006-0120-1 gnupg
			RHSA-2006:0571
			OpenPKG-SA-2006.010
			SUSE-SR:2006:015
			SUSE-SR:2006:018
			MDKSA-2006:110
			DSA-1115
			DSA-1107
			http://support.avaya.com/elmodocs2/security/ASA-2006-167...
			SSA:2006-178-02
			1016519
			20060601 Re: GnuPG fun
			20060531 RE: GnuPG fun
			20060531 GnuPG fun
			http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse...
			20060701-01-U

CVE-2006-3082

2006-06-19 20:02:00 2018-10-18 18:45:31

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)