CVE-2006-6235
NONE EPSS 92.0%
Published Dec 7, 2006 (19y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Threat Intelligence
EPSS Exploit Probability
92.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 32
| Vendor | Product | Version | Range |
|---|---|---|---|
| gnu | privacy_guard | 1.2.4 | any |
| gnu | privacy_guard | 1.2.5 | any |
| gnu | privacy_guard | 1.2.6 | any |
| gnu | privacy_guard | 1.2.7 | any |
| gnu | privacy_guard | 1.3.3 | any |
| gnu | privacy_guard | 1.3.4 | any |
| gnu | privacy_guard | 1.4 | any |
| gnu | privacy_guard | 1.4.1 | any |
| gnu | privacy_guard | 1.4.2 | any |
| gnu | privacy_guard | 1.4.2.1 | any |
| gnu | privacy_guard | 1.4.2.2 | any |
| gnu | privacy_guard | 1.4.3 | any |
| gnu | privacy_guard | 1.4.4 | any |
| gnu | privacy_guard | 1.4.5 | any |
| gnu | privacy_guard | 1.9.10 | any |
| gnu | privacy_guard | 1.9.15 | any |
| gnu | privacy_guard | 1.9.20 | any |
| gnu | privacy_guard | 2.0 | any |
| gnu | privacy_guard | 2.0.1 | any |
| gpg4win | gpg4win | 1.0.7 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | enterprise_linux_desktop | 4.0 | any |
| redhat | fedora_core | core_5.0 | any |
| redhat | fedora_core | core6 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| rpath | linux | 1 | any |
| slackware | slackware_linux | 11.0 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 6.06 | any |
References 35
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
- lists.gnupg.org http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
- secunia.com http://secunia.com/advisories/23245
- secunia.com http://secunia.com/advisories/23250
- secunia.com http://secunia.com/advisories/23255
- secunia.com http://secunia.com/advisories/23259
- secunia.com http://secunia.com/advisories/23269
- secunia.com http://secunia.com/advisories/23284
- secunia.com http://secunia.com/advisories/23290
- secunia.com http://secunia.com/advisories/23299
- secunia.com http://secunia.com/advisories/23303
- secunia.com http://secunia.com/advisories/23329
- secunia.com http://secunia.com/advisories/23335
- secunia.com http://secunia.com/advisories/23513
- secunia.com http://secunia.com/advisories/24047
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200612-03.xml
- securitytracker.com http://securitytracker.com/id?1017349
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
- debian.org http://www.debian.org/security/2006/dsa-1231
- kb.cert.org http://www.kb.cert.org/vuls/id/427009
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
- novell.com http://www.novell.com/linux/security/advisories/2006_28_sr.html
- openpkg.com http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0754.html
- securityfocus.com http://www.securityfocus.com/archive/1/453664/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/453723/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/21462
- trustix.org http://www.trustix.org/errata/2006/0070
- ubuntu.com http://www.ubuntu.com/usn/usn-393-1
- ubuntu.com http://www.ubuntu.com/usn/usn-393-2
- vupen.com http://www.vupen.com/english/advisories/2006/4881
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
- issues.rpath.com https://issues.rpath.com/browse/RPL-835
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245
Remediation
- secunia.com http://secunia.com/advisories/23245
- secunia.com http://secunia.com/advisories/23250
- secunia.com http://secunia.com/advisories/23255
- secunia.com http://secunia.com/advisories/23269
- ubuntu.com http://www.ubuntu.com/usn/usn-393-1