CVE-2006-6235 — Vulnetix

Try Vulnetix Request Demo

CVE-2006-6235 PUBLISHED CVSS 10 CRITICAL

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

EPSS 8.90% · 92.5th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

8.90%

92.5th percentile

Affected Products

Vendor	Product	Versions
ubuntu	ubuntu_linux	6.06, 5.10
redhat	linux_advanced_workstation	2.1
gpg4win	gpg4win	1.0.7
gnu	privacy_guard	1.2.7, 1.3.3, 1.3.4
n/a	n/a	n/a
redhat	fedora_core	core_5.0, core6
redhat	enterprise_linux	4.0, 4.0, 4.0
slackware	slackware_linux	11.0
redhat	enterprise_linux_desktop	4.0, 3.0
rpath	linux	1

Timeline

Dec 7, 2006 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Jul 27, 2023 EPSS Score

References

1017349 vdb
23269 third-party-advisory
23303 third-party-advisory
20061206 rPSA-2006-0227-1 gnupg mailing-list
23255 third-party-advisory
USN-393-1 vendor-advisory
23513 third-party-advisory
23284 third-party-advisory
USN-393-2 vendor-advisory
23245 third-party-advisory
[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235] mailing-list
VU#427009 third-party-advisory
SUSE-SR:2006:028 vendor-advisory
RHSA-2006:0754 vendor-advisory
DSA-1231 vendor-advisory
20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235] mailing-list
23335 third-party-advisory
23299 third-party-advisory
21462 vdb
2006-0070 vendor-advisory

…and 16 more

Open in Interactive Console →