CVE-2006-3082

Published: 19 June 2006

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Priority

Unknown

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
Upstream Needs triage

gnupg2
Launchpad, Ubuntu, Debian
Upstream Needs triage