CVE-2006-6169

Summary
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 29 Nov, 2006 | 18:00
Updated At: 07 Aug, 2024 | 20:19

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://secunia.com/advisories/23110
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23269
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23303
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/452829/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://issues.rpath.com/browse/RPL-826
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/30550
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/23513
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23284
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23146
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23171
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-393-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0754.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.trustix.org/errata/2006/0068/
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: http://securityreason.com/securityalert/1927
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.debian.org/security/2006/dsa-1231
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/23299
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-389-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://bugs.g10code.com/gnupg/issue728
Resource:
x_refsource_MISC
Hyperlink: http://securitytracker.com/id?1017291
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/23094
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/453253/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/21306
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2006/4736
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/23250
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://secunia.com/advisories/23161
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:221
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
Resource:
vendor-advisory
x_refsource_OPENPKG
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/24047
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://secunia.com/advisories/23110
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23269
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23303
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/452829/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-826
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/30550
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/23513
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23284
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23146
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23171
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-393-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0754.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.trustix.org/errata/2006/0068/
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: http://securityreason.com/securityalert/1927
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.debian.org/security/2006/dsa-1231
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/23299
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-389-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://bugs.g10code.com/gnupg/issue728
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securitytracker.com/id?1017291
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/23094
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/453253/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/21306
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/4736
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/23250
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://secunia.com/advisories/23161
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:221
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
Resource:
vendor-advisory
x_refsource_OPENPKG
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/24047
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@mitre.org
Published At: 29 Nov, 2006 | 18:28
Updated At: 17 Oct, 2018 | 21:47

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Vendor: gnupg
Product: gnupg
Version: 1.4
CPE: cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*
Vendor: gnupg
Product: gnupg
Version: 2.0
CPE: cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Vendor Statements

Organization: Red Hat
Last Modified: 2007-03-14T00:00:00

Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario. Red Hat Enterprise Linux 5 contains a backported patch to address this issue.

References
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23094
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23110
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23146
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23161
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23171
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23250
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23269
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23284
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23299
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23303
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23513
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/24047
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-03.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/1927
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017291
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1231
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:221
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0754.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/452829/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/453253/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/21306
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.trustix.org/errata/2006/0068/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-389-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-393-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/4736
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.g10code.com/gnupg/issue728
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/30550
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-826
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228
Source: cve@mitre.org
Resource: N/A


Similar CVEs

2 records found

CVE-2020-25125
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.8 (HIGH)
EPSS: 0.33% / 55.52%
7 Day CHG: ~0.00%
Published: 03 Sep, 2020 | 17:48
Updated: 04 Aug, 2024 | 15:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.

Action: Not Available
Vendor: gnupg, gpg4win, n/a
Product: gnupg, gpg4win, n/a
CWE ID: CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-1000858
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 8.8 (HIGH)
EPSS: 0.22% / 44.12%
7 Day CHG: ~0.00%
Published: 20 Dec, 2018 | 16:00
Updated: 05 Aug, 2024 | 12:47
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appears to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.

Action: Not Available
Vendor: gnupg, n/a, Canonical Ltd.
Product: gnupg, ubuntu_linux, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)