CVE-2006-3082
CVE-2006-3082
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/28077unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uhttp://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157http://seclists.org/lists/fulldisclosure/2006/May/0774.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0782.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0789.htmlhttp://secunia.com/advisories/20783http://secunia.com/advisories/20801http://secunia.com/advisories/20811http://secunia.com/advisories/20829http://secunia.com/advisories/20881http://secunia.com/advisories/20899http://secunia.com/advisories/20968