CVE-2006-6235
published 2006-12-07

Priority P339 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.67% (92.0th percentile)
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Affected

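31 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnupg2 | < gnupg2 2.0.0-5.2 (bookworm) | gnupg2 2.0.0-5.2 (bookworm) |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gnu | privacy_guard | | |
| gpg4win | gpg4win | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux_desktop | | |
| redhat | enterprise_linux_desktop | | |
| redhat | fedora_core | | |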

CVSS provenance

nvd: v2.0, 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
osv: 10.0 CRITICAL
vendor_debian: 10.0 HIGH
vendor_redhat: 10.0 CRITICAL
vendor_ubuntu: 6.8 MEDIUM