CVE-2006-6169

描述

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

受影響套件(2)

• Debian/gnupgfrom 0, < 1.4.1-1.sarge6
• Debian/gnupg2from 0, < 2.0.0-5.1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-6169