← volver
CVE-2006-6169

CVE-2006-6169

EPSS 3.2%
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.aschttp://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.htmlhttp://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.htmlhttps://bugs.g10code.com/gnupg/issue728http://secunia.com/advisories/23094http://secunia.com/advisories/23110http://secunia.com/advisories/23146http://secunia.com/advisories/23161http://secunia.com/advisories/23171http://secunia.com/advisories/23250http://secunia.com/advisories/23269http://secunia.com/advisories/23284