[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-3082

Date: (C)2006-06-19   (M)2017-10-12 


parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
SECTRACK-1016519
BID-18554
http://seclists.org/lists/fulldisclosure/2006/May/0774.html
http://seclists.org/lists/fulldisclosure/2006/May/0782.html
http://seclists.org/lists/fulldisclosure/2006/May/0789.html
http://www.securityfocus.com/archive/1/archive/1/438751/100/0/threaded
20060701-01-U
SECUNIA-20783
SECUNIA-20801
SECUNIA-20811
SECUNIA-20829
SECUNIA-20881
SECUNIA-20899
SECUNIA-20968
SECUNIA-21063
SECUNIA-21135
SECUNIA-21137
SECUNIA-21143
SECUNIA-21585
ADV-2006-2450
DSA-1107
DSA-1115
MDKSA-2006:110
OpenPKG-SA-2006.010
RHSA-2006:0571
SSA:2006-178-02
SUSE-SR:2006:015
SUSE-SR:2006:018
USN-304-1
gnupg-parsepacket-bo(27245)
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm

CPE    2
cpe:/a:gnupg:gnupg:1.9.20
cpe:/a:gnupg:gnupg:1.4.3
CWE    1
CWE-189

© 2013 SecPod Technologies