1. Home
  2. CVE Database
  3. CVE-2006-6235
HIGH · 10.0

CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to...

Vulnerability Description

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
GnuPrivacy Guard1.2.4
Gpg4WinGpg4Win1.0.7
RedhatEnterprise Linux4.0
RedhatEnterprise Linux Desktop3.0
RedhatFedora Corecore_5.0
RedhatLinux Advanced Workstation2.1
RpathLinux1
SlackwareSlackware Linux11.0
UbuntuUbuntu Linux5.10

References

FAQ

What is CVE-2006-6235?

CVE-2006-6235 is a vulnerability with a CVSS score of 10.0 (HIGH). A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to...

How severe is CVE-2006-6235?

CVE-2006-6235 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6235?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Privacy Guard, Gpg4Win Gpg4Win, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Fedora Core.