CVE-2006-3082 Information

Description

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
http://seclists.org/lists/fulldisclosure/2006/May/0774.html
http://seclists.org/lists/fulldisclosure/2006/May/0782.html
http://seclists.org/lists/fulldisclosure/2006/May/0789.html
http://secunia.com/advisories/20783
http://secunia.com/advisories/20801
http://secunia.com/advisories/20811
http://secunia.com/advisories/20829
http://secunia.com/advisories/20881
http://secunia.com/advisories/20899
http://secunia.com/advisories/20968
http://secunia.com/advisories/21063
http://secunia.com/advisories/21135
http://secunia.com/advisories/21137
http://secunia.com/advisories/21143
http://secunia.com/advisories/21585
http://securitytracker.com/id?1016519
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382
http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm
http://www.debian.org/security/2006/dsa-1107
http://www.debian.org/security/2006/dsa-1115
http://www.mandriva.com/security/advisories?name=MDKSA-2006:110
http://www.novell.com/linux/security/advisories/2006_18_sr.html
http://www.novell.com/linux/security/advisories/2006_38_security.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html
http://www.redhat.com/support/errata/RHSA-2006-0571.html
http://www.securityfocus.com/archive/1/438751/100/0/threaded
http://www.securityfocus.com/bid/18554
http://www.vupen.com/english/advisories/2006/2450
https://exchange.xforce.ibmcloud.com/vulnerabilities/27245
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10089
https://usn.ubuntu.com/304-1/
