[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256040

 
 

909

 
 

199103

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-6235Date: (C)2006-12-07   (M)2023-12-22


A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017349
2006-0070
20061201-01-P
http://www.securityfocus.com/archive/1/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/453723/100/0/threaded
BID-21462
SECUNIA-23245
SECUNIA-23250
SECUNIA-23255
SECUNIA-23259
SECUNIA-23269
SECUNIA-23284
SECUNIA-23290
SECUNIA-23299
SECUNIA-23303
SECUNIA-23329
SECUNIA-23335
SECUNIA-23513
SECUNIA-24047
ADV-2006-4881
DSA-1231
GLSA-200612-03
MDKSA-2006:228
OpenPKG-SA-2006.037
RHSA-2006:0754
SUSE-SA:2006:075
SUSE-SR:2006:028
USN-393-1
USN-393-2
VU#427009
gnupg-openpgp-code-execution(30711)
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
https://issues.rpath.com/browse/RPL-835

CPE    23
cpe:/a:gnu:privacy_guard:1.9.10
cpe:/a:gnu:privacy_guard:1.9.15
cpe:/a:gnu:privacy_guard:2.0.1
cpe:/a:gnu:privacy_guard:1.4.2
...

© SecPod Technologies