// For flags

CVE-2006-6169

: gnupg2 < 2.0.1 buffer overflow

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

Desbordamiento de búfer basado en montículo en la función ask_outfile_name en el openfile.c para GnuPG (gpg) 1.4 y 2.0, cuando se está ejecutando interactivamente, podría permitir a atacantes remotos ejecutar código de su elección mediante mensajes con expansiones "C-escape", que provocan que la función make_printable_string devuelva una cadena más larga de lo esperado mientras construye un aviso.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-29 CVE Reserved
  • 2006-11-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (36)
URL Tag Source
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html Mailing List
http://secunia.com/advisories/23110 Third Party Advisory
http://secunia.com/advisories/23146 Third Party Advisory
http://secunia.com/advisories/23161 Third Party Advisory
http://secunia.com/advisories/23171 Third Party Advisory
http://secunia.com/advisories/23250 Third Party Advisory
http://secunia.com/advisories/23269 Third Party Advisory
http://secunia.com/advisories/23284 Third Party Advisory
http://secunia.com/advisories/23299 Third Party Advisory
http://secunia.com/advisories/23303 Third Party Advisory
http://secunia.com/advisories/23513 Third Party Advisory
http://secunia.com/advisories/24047 Third Party Advisory
http://securityreason.com/securityalert/1927 Third Party Advisory
http://securitytracker.com/id?1017291 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/452829/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/453253/100/100/threaded Mailing List
http://www.securityfocus.com/bid/21306 Vdb Entry
http://www.vupen.com/english/advisories/2006/4736 Vdb Entry
https://bugs.g10code.com/gnupg/issue728 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/30550 Vdb Entry
https://issues.rpath.com/browse/RPL-826 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/23094 2018-10-17
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc 2018-10-17
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html 2018-10-17
http://security.gentoo.org/glsa/glsa-200612-03.xml 2018-10-17
http://www.debian.org/security/2006/dsa-1231 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:221 2018-10-17
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0754.html 2018-10-17
http://www.trustix.org/errata/2006/0068 2018-10-17
http://www.ubuntu.com/usn/usn-389-1 2018-10-17
http://www.ubuntu.com/usn/usn-393-2 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-6169 2006-12-06
https://bugzilla.redhat.com/show_bug.cgi?id=217950 2006-12-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnupg
Search vendor "Gnupg"
 Gnupg
Search vendor "Gnupg" for product "Gnupg"
 1.4
Search vendor "Gnupg" for product "Gnupg" and version "1.4"
-
Affected
Gnupg
Search vendor "Gnupg"
 Gnupg
Search vendor "Gnupg" for product "Gnupg"
 2.0
Search vendor "Gnupg" for product "Gnupg" and version "2.0"
-
Affected