Vulnerability Description
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnupg | Gnupg | <= 1.9.20 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
- http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=41
- http://seclists.org/lists/fulldisclosure/2006/May/0774.html
- http://seclists.org/lists/fulldisclosure/2006/May/0782.html
- http://seclists.org/lists/fulldisclosure/2006/May/0789.html
- http://secunia.com/advisories/20783 (Vendor Advisory)
- http://secunia.com/advisories/20801 (Vendor Advisory)
- http://secunia.com/advisories/20811 (Vendor Advisory)
- http://secunia.com/advisories/20829 (Vendor Advisory)
- http://secunia.com/advisories/20881 (Vendor Advisory)
- http://secunia.com/advisories/20899 (Vendor Advisory)
- http://secunia.com/advisories/20968 (Vendor Advisory)
- http://secunia.com/advisories/21063 (Vendor Advisory)
- http://secunia.com/advisories/21135 (Vendor Advisory)
- http://secunia.com/advisories/21137 (Vendor Advisory)
FAQ
What is CVE-2006-3082?
CVE-2006-3082 is a vulnerability with a CVSS score of 5.0 (MEDIUM). parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large l...
How severe is CVE-2006-3082?
CVE-2006-3082 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3082?
Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Gnupg.