CVE-2006-3082
EPSS 30.3%gnupg2 - integer overflow
發布日:2006/6/19修改日:2026/3/9
描述
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
受影響套件(4)
- Debian/gnupgfrom 0, < 1.4.1-1.sarge4
- Debian/gnupgfrom 0, < 1.4.1-1.sarge4
- Debian/gnupg2from 0, < 1.9.20-1.1
- Debian/gnupg2from 0, < 1.9.15-6sarge1