Vulnerability Description
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnupg | Gnupg | 1.4 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
- http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
- http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
- http://secunia.com/advisories/23094PatchVendor Advisory
- http://secunia.com/advisories/23110
- http://secunia.com/advisories/23146
- http://secunia.com/advisories/23161
- http://secunia.com/advisories/23171
- http://secunia.com/advisories/23250
- http://secunia.com/advisories/23269
- http://secunia.com/advisories/23284
- http://secunia.com/advisories/23299
- http://secunia.com/advisories/23303
- http://secunia.com/advisories/23513
- http://secunia.com/advisories/24047
FAQ
What is CVE-2006-6169?
CVE-2006-6169 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-...
How severe is CVE-2006-6169?
CVE-2006-6169 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6169?
Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Gnupg.