CVE-2006-3082

GnuPG 1.4.3/1.9.x - Parse_User_ID Remote Buffer Overflow

Severity Score

7.5

*CVSS v3

Exploit Likelihood

22.7%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

parse-packet.c en GnuPG (gpg) v1.4.3, v1.9.20 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de gpg) y posiblemente sobrescribir la memoria a través de un paquete de mensajes de gran longitud (con un ID de usuario demasiado largo), lo cual podría llevar a un desbordamiento de enteros, tal y como se demuestra con la opción '-no-armor'.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-06-19 CVE Reserved
2006-06-19 CVE Published
2006-06-20 First Exploit
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors

CAPEC

References (36)

URL	Tag	Source
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=415...	X_refsource_confirm
http://seclists.org/lists/fulldisclosure/2006/May/0774.html	Mailing List
http://seclists.org/lists/fulldisclosure/2006/May/0782.html	Mailing List
http://seclists.org/lists/fulldisclosure/2006/May/0789.html	Mailing List
http://securitytracker.com/id?1016519	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm	X_refsource_confirm
http://www.securityfocus.com/archive/1/438751/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/27245	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre...	Signature

1 - 9 of 9

URL	Date	SRC
https://www.exploit-db.com/exploits/28077	2006-06-20

1 - 1 of 1

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/200...	2018-10-18
http://secunia.com/advisories/20783	2018-10-18
http://secunia.com/advisories/20801	2018-10-18
http://secunia.com/advisories/20811	2018-10-18
http://secunia.com/advisories/20829	2018-10-18
http://secunia.com/advisories/20881	2018-10-18
http://secunia.com/advisories/20899	2018-10-18
http://secunia.com/advisories/20968	2018-10-18
http://secunia.com/advisories/21063	2018-10-18
http://secunia.com/advisories/21135	2018-10-18

1 - 10 of 26

Affected Vendors, Products, and Versions (2)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnupg Search vendor "Gnupg"		Gnupg Search vendor "Gnupg" for product "Gnupg"				<= 1.9.20 Search vendor "Gnupg" for product "Gnupg" and version " <= 1.9.20"		-		Affected
Gnupg Search vendor "Gnupg"		Gnupg Search vendor "Gnupg" for product "Gnupg"				1.4.3 Search vendor "Gnupg" for product "Gnupg" and version "1.4.3"		-		Affected

1 - 2 of 2