[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2006-3082Date: (C)2006-06-19   (M)2018-02-19


parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 5.0
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1016519
BID-18554
http://seclists.org/lists/fulldisclosure/2006/May/0774.html
http://seclists.org/lists/fulldisclosure/2006/May/0782.html
http://seclists.org/lists/fulldisclosure/2006/May/0789.html
http://www.securityfocus.com/archive/1/archive/1/438751/100/0/threaded
20060701-01-U
SECUNIA-20783
SECUNIA-20801
SECUNIA-20811
SECUNIA-20829
SECUNIA-20881
SECUNIA-20899
SECUNIA-20968
SECUNIA-21063
SECUNIA-21135
SECUNIA-21137
SECUNIA-21143
SECUNIA-21585
ADV-2006-2450
DSA-1107
DSA-1115
MDKSA-2006:110
OpenPKG-SA-2006.010
RHSA-2006:0571
SSA:2006-178-02
SUSE-SR:2006:015
SUSE-SR:2006:018
USN-304-1
gnupg-parsepacket-bo(27245)
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm

CPE    2
cpe:/a:gnupg:gnupg:1.9.20
cpe:/a:gnupg:gnupg:1.4.3
CWE    1
CWE-189

© SecPod Technologies