CVE-2006-6235 — Privacy Guard vulnerability

11 documents8 sources

Severity

10.0CRITICALNVD

EPSS

8.9%

top 7.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Privacy Guard Gpg4win Redhat Enterprise Linux +6 more

Timeline

PublishedDec 7

Latest updateMay 3

Description

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶NVDrpath/linux1

▶NVDgpg4win/gpg4win1.0.7

▶NVDgnu/privacy_guard19 versions+18

▶NVDredhat/fedora_corecore6, core_5.0+1

▶NVDslackware/slackware_linux11.0

Also affects: Ubuntu Linux 5.10, 6.06, Enterprise Linux 4.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-fxx3-6m2r-fwh5: A "stack overwrite" vulnerability in GnuPG (gpg) 1↗2022-05-03

▶

OSV

CVE-2006-6235: A "stack overwrite" vulnerability in GnuPG (gpg) 1↗2006-12-07

▶

CVEList

CVE-2006-6235: A "stack overwrite" vulnerability in GnuPG (gpg) 1↗2006-12-07

▶

📋Vendor Advisories

Ubuntu

GnuPG vulnerability↗2006-12-07

▶

Ubuntu

GnuPG2 vulnerabilities↗2006-12-07

▶

Red Hat

security flaw↗2006-12-06

▶

Debian

CVE-2006-6235: gnupg2 - A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2....↗2006

▶

💬Community

Bugzilla

CVE-2006-6235 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-6235: gnupg2 <= 2.0.1 stack overwrite vulnerability↗2006-12-07

▶

Bugzilla

CVE-2006-6235 GnuPG references local variable after function returns↗2006-12-05

▶