10

CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuPrivacy Guard Version1.2.4
GnuPrivacy Guard Version1.2.5
GnuPrivacy Guard Version1.2.6
GnuPrivacy Guard Version1.2.7
GnuPrivacy Guard Version1.3.3
GnuPrivacy Guard Version1.3.4
GnuPrivacy Guard Version1.4
GnuPrivacy Guard Version1.4.1
GnuPrivacy Guard Version1.4.2
GnuPrivacy Guard Version1.4.2.1
GnuPrivacy Guard Version1.4.2.2
GnuPrivacy Guard Version1.4.3
GnuPrivacy Guard Version1.4.4
GnuPrivacy Guard Version1.4.5
GnuPrivacy Guard Version1.9.10
GnuPrivacy Guard Version1.9.15
GnuPrivacy Guard Version1.9.20
GnuPrivacy Guard Version2.0
GnuPrivacy Guard Version2.0.1
Gpg4winGpg4win Version1.0.7
RedhatEnterprise Linux Version4.0 Editionadvanced_server
RedhatEnterprise Linux Version4.0 Editionenterprise_server
RedhatEnterprise Linux Version4.0 Editionworkstation
RedhatFedora Core Versioncore_5.0
RedhatFedora Core Versioncore6
RedhatLinux Advanced Workstation Version2.1 Editionitanium_processor
RpathLinux Version1
SlackwareSlackware Linux Version11.0
UbuntuUbuntu Linux Version5.10
UbuntuUbuntu Linux Version6.06
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.71% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/23335
http://www.novell.com/linux/security/advisories/2006_28_sr.html
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://secunia.com/advisories/23513
http://www.trustix.org/errata/2006/0070
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
http://secunia.com/advisories/23250
Patch
Vendor Advisory
http://secunia.com/advisories/23269
Patch
Vendor Advisory
http://secunia.com/advisories/23284
http://secunia.com/advisories/23299
http://secunia.com/advisories/23303
http://secunia.com/advisories/24047
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://www.debian.org/security/2006/dsa-1231
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://www.redhat.com/support/errata/RHSA-2006-0754.html
Vendor Advisory
http://www.ubuntu.com/usn/usn-393-2
http://secunia.com/advisories/23329
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
http://secunia.com/advisories/23245
Patch
Vendor Advisory
http://secunia.com/advisories/23255
Patch
Vendor Advisory
http://secunia.com/advisories/23259
http://secunia.com/advisories/23290
http://securitytracker.com/id?1017349
http://www.kb.cert.org/vuls/id/427009
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://www.securityfocus.com/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/453723/100/0/threaded
http://www.securityfocus.com/bid/21462
Vendor Advisory
http://www.ubuntu.com/usn/usn-393-1
Patch
http://www.vupen.com/english/advisories/2006/4881
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
https://issues.rpath.com/browse/RPL-835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245