← volver
CVE-2006-3082

CVE-2006-3082

EPSS 7.2%
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/28077no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uhttp://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157http://seclists.org/lists/fulldisclosure/2006/May/0774.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0782.htmlhttp://seclists.org/lists/fulldisclosure/2006/May/0789.htmlhttp://secunia.com/advisories/20783http://secunia.com/advisories/20801http://secunia.com/advisories/20811http://secunia.com/advisories/20829http://secunia.com/advisories/20881http://secunia.com/advisories/20899http://secunia.com/advisories/20968