CVE-2006-3082

EPSS 30.3%

gnupg2 - integer overflow

Published: 6/19/2006Modified: 4/28/2026

Description

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Affected packages (4)

Debian/gnupgfrom 0, < 1.4.1-1.sarge4
Debian/gnupgfrom 0, < 1.4.1-1.sarge4
Debian/gnupg2from 0, < 1.9.20-1.1
Debian/gnupg2from 0, < 1.9.15-6sarge1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-3082