CVE-2006-3082
published 2006-06-19
CVE-2006-3082: parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite…
Priority P4 24 · medium 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.17% (93.5th percentile)
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnupg2 | < gnupg2 1.9.20-1.1 (bookworm) | gnupg2 1.9.20-1.1 (bookworm) |
| gnupg | gnupg | <= 1.9.20 | — |
| gnupg | gnupg | — | — |
CVSS provenance
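| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |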
GHSA
GHSA-h89c-f8ff-gv7w: parse-packet
ghsa_unreviewed·2022-05-03
CVE-2006-3082 [MEDIUM] GHSA-h89c-f8ff-gv7w: parse-packet
OSV
CVE-2006-3082: parse-packet
osv·2006-06-19·CVSS 5.0
CVE-2006-3082 [MEDIUM] CVE-2006-3082: parse-packet
Ubuntu
gnupg vulnerability
vendor_ubuntu·2006-06-27
CVE-2006-3082 gnupg vulnerability
Title: gnupg vulnerability
Summary: gnupg vulnerability
Evgeny Legerov discovered that GnuPG did not sufficiently check overly
large user ID packets. Specially crafted user IDs caused a buffer
overflow. By tricking a user or remote automated system into
processing a malicious GnuPG message, an attacker could exploit this to
crash GnuPG or possibly even execute arbitrary code.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
security flaw
vendor_redhat·2006-05-31·CVSS 5.0
CVE-2006-3082 [MEDIUM] security flaw
Debian
CVE-2006-3082: gnupg2 - parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows rem...
vendor_debian·2006·CVSS 5.0
CVE-2006-3082 [MEDIUM] CVE-2006-3082: gnupg2 - parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows rem...
Scope: local
bookworm: resolved (fixed in 1.9.20-1.1)
bullseye: resolved (fixed in 1.9.20-1.1)
forky: resolved (fixed in 1.9.20-1.1)
sid: resolved (fixed in 1.9.20-1.1)
trixie: resolved (fixed in 1.9.20-1.1)
Bugzilla
CVE-2006-3082 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2006-3082 [MEDIUM] CVE-2006-3082 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
Bugzilla
gnupg2: CVE-2006-3082 gnupg integer overflow
bugzilla·2006-06-21·CVSS 5.0
CVE-2006-3082 [MEDIUM] gnupg2: CVE-2006-3082 gnupg integer overflow
+++ This bug was initially created as a clone of Bug #195946 +++
gnupg integer overflow
Text taken from MITRE:
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20 allows remote attackers
to cause a denial of service (gpg crash) and possibly overwrite memory
via a message packet with a large length, which could lead to an
integer overflow, as demonstrated using the --no-armor option.
This issue also affects FC4
Discussion:
Thanks.
Next gnupg2 build will omit the gpg2 binary, because
* has security issue (CVE-2006-3082)... duh.
* as of the latest version, 1.9.21, it doesn't build
* upstream devs say "You shall not build the gpg part. There is a reason why it
is not enabled by default"
---
%changelog
* Thu Jun 22 2006 Rex Dieter 1.9.21-1
- 1.
Bugzilla
CVE-2006-3082 gnupg integer overflow
bugzilla·2006-06-19·CVSS 5.0
CVE-2006-3082 [MEDIUM] CVE-2006-3082 gnupg integer overflow
gnupg integer overflow
Text taken from MITRE:
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20 allows remote attackers
to cause a denial of service (gpg crash) and possibly overwrite memory
via a message packet with a large length, which could lead to an
integer overflow, as demonstrated using the --no-armor option.
This issue also affects FC4
Discussion:
gnupg-1.4.4-2 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
---
Updates were pushed, but this didn't get c
Bugzilla
CVE-2006-3082 gnupg integer overflow
bugzilla·2006-06-19·CVSS 5.0
CVE-2006-3082 [MEDIUM] CVE-2006-3082 gnupg integer overflow
gnupg integer overflow
Text taken from MITRE:
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20 allows remote attackers
to cause a denial of service (gpg crash) and possibly overwrite memory
via a message packet with a large length, which could lead to an
integer overflow, as demonstrated using the --no-armor option.
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
http://seclists.org/lists/fulldisclosure/2006/May/0774.html
http://seclists.org/lists/fulldisclosure/2006/May/0782.html
http://seclists.org/lists/fulldisclosure/2006/May/0789.html
http://secunia.com/advisories/20783
http://secunia.com/advisories/20801
http://secunia.com/advisories/20811
http://secunia.com/advisories/20829
http://secunia.com/advisories/20881
http://secunia.com/advisories/20899
http://secunia.com/advisories/20968
http://secunia.com/advisories/21063
http://secunia.com/advisories/21135
http://secunia.com/advisories/21137
http://secunia.com/advisories/21143
http://secunia.com/advisories/21585
http://securitytracker.com/id?1016519
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382
http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm
http://www.debian.org/security/2006/dsa-1107
http://www.debian.org/security/2006/dsa-1115
http://www.mandriva.com/security/advisories?name=MDKSA-2006:110
http://www.novell.com/linux/security/advisories/2006_18_sr.html
http://www.novell.com/linux/security/advisories/2006_38_security.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html
http://www.redhat.com/support/errata/RHSA-2006-0571.html
http://www.securityfocus.com/archive/1/438751/100/0/threaded
http://www.securityfocus.com/bid/18554
http://www.vupen.com/english/advisories/2006/2450
https://exchange.xforce.ibmcloud.com/vulnerabilities/27245
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089
https://usn.ubuntu.com/304-1/
2006-06-19
Published