Vulnerability Description
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnupg | Gnupg | 1.4.4 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204
- http://issues.rpath.com/browse/RPL-560
- http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html (Exploit)
- http://lwn.net/Alerts/194228/
- http://secunia.com/advisories/21297
- http://secunia.com/advisories/21300
- http://secunia.com/advisories/21306
- http://secunia.com/advisories/21326
- http://secunia.com/advisories/21329
- http://secunia.com/advisories/21333
- http://secunia.com/advisories/21346
- http://secunia.com/advisories/21351
- http://secunia.com/advisories/21378
- http://secunia.com/advisories/21467
FAQ
What is CVE-2006-3746?
CVE-2006-3746 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
How severe is CVE-2006-3746?
CVE-2006-3746 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3746?
Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Gnupg.