CVE-2006-6235

Source
https://nvd.nist.gov/vuln/detail/CVE-2006-6235
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-6235.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2006-6235
Related
Published
2006-12-07T11:28:00Z
Modified
2024-06-30T12:00:03Z
Summary
[none]
Details

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

References

Affected packages

Debian:11 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0-5.2

Ecosystem specific

{
    "urgency": "high"
}

Debian:12 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0-5.2

Ecosystem specific

{
    "urgency": "high"
}

Debian:13 / gnupg2

Package

Name
gnupg2
Purl
pkg:deb/debian/gnupg2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0-5.2

Ecosystem specific

{
    "urgency": "high"
}