FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3082

This CVE name corresponds to:

Entered Topic
2006-06-25 gnupg -- user id integer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-3082
Phase Assigned (20060619)

Description

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

References

Source Reference
BUGTRAQ 20060629 rPSA-2006-0120-1 gnupg
FULLDISC 20060531 GnuPG fun
FULLDISC 20060601 Re: GnuPG fun
FULLDISC 20060531 RE: GnuPG fun
CONFIRM http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm
DEBIAN DSA-1107
DEBIAN DSA-1115
MANDRIVA MDKSA-2006:110
OPENPKG OpenPKG-SA-2006.010
REDHAT RHSA-2006:0571
SGI 20060701-01-U
SLACKWARE SSA:2006-178-02
SUSE SUSE-SR:2006:015
SUSE SUSE-SR:2006:018
UBUNTU USN-304-1
BID 18554
OVAL oval:org.mitre.oval:def:10089
VUPEN ADV-2006-2450
SECTRACK 1016519
SECUNIA 20783
SECUNIA 20829
SECUNIA 20801
SECUNIA 20811
SECUNIA 20881
SECUNIA 20899
SECUNIA 20968
SECUNIA 21063
SECUNIA 21143
SECUNIA 21137
SECUNIA 21135
SECUNIA 21585
XF gnupg-parsepacket-bo(27245)