FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnupg -- buffer overflow

Affected packages
gnupg < 1.4.5_1

Details

VuXML ID 34c93ae8-7e6f-11db-bf00-02e081235dab
Discovery 2006-11-27
Entry 2006-11-27

Werner Koch reports:

When running GnuPG interactively, special crafted messages may be used to crash gpg or gpg2. Running gpg in batch mode, as done by all software using gpg as a backend (e.g. mailers), is not affected by this bug.

Exploiting this overflow seems to be possible.

gpg-agent, gpgsm, gpgv or other tools from the GnuPG suite are not affected.

References

URL http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html