CVE-2006-6235 Information

Feb 14, 2021 cve

Description

A \stack overwrite\ vulnerability in GnuPG (gpg) 1.x before 1.4.6 2.x before 2.0.2 and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23245 http://secunia.com/advisories/23250 http://secunia.com/advisories/23255 http://secunia.com/advisories/23259 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23290 http://secunia.com/advisories/23299 http://secunia.com/advisories/23303 http://secunia.com/advisories/23329 http://secunia.com/advisories/23335 http://secunia.com/advisories/23513 http://secunia.com/advisories/24047 http://security.gentoo.org/glsa/glsa-200612-03.xml http://securitytracker.com/id?1017349 http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm http://www.debian.org/security/2006/dsa-1231 http://www.kb.cert.org/vuls/id/427009 http://www.mandriva.com/security/advisories?name=MDKSA-2006:228 http://www.novell.com/linux/security/advisories/2006_28_sr.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html http://www.redhat.com/support/errata/RHSA-2006-0754.html http://www.securityfocus.com/archive/1/453664/100/0/threaded http://www.securityfocus.com/archive/1/453723/100/0/threaded http://www.securityfocus.com/bid/21462 http://www.trustix.org/errata/2006/0070 http://www.ubuntu.com/usn/usn-393-1 http://www.ubuntu.com/usn/usn-393-2 http://www.vupen.com/english/advisories/2006/4881 https://exchange.xforce.ibmcloud.com/vulnerabilities/30711 https://issues.rpath.com/browse/RPL-835 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11245

Share on: