CVE-2006-3082

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

🔗 References (66)

• cve@mitreftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
• cve@mitrehttp://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157
• cve@mitrehttp://seclists.org/lists/fulldisclosure/2006/May/0774.html
• cve@mitrehttp://seclists.org/lists/fulldisclosure/2006/May/0782.html
• cve@mitrehttp://seclists.org/lists/fulldisclosure/2006/May/0789.html
• cve@mitrehttp://secunia.com/advisories/20783
• cve@mitrehttp://secunia.com/advisories/20801
• cve@mitrehttp://secunia.com/advisories/20811
• cve@mitrehttp://secunia.com/advisories/20829
• cve@mitrehttp://secunia.com/advisories/20881
• cve@mitrehttp://secunia.com/advisories/20899
• cve@mitrehttp://secunia.com/advisories/20968
• cve@mitrehttp://secunia.com/advisories/21063
• cve@mitrehttp://secunia.com/advisories/21135
• cve@mitrehttp://secunia.com/advisories/21137