CVE-2006-3082

Publication date 19 June 2006

Last updated 24 July 2024

Ubuntu priority

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
gnupg	9.10 karmic	Fixed 1.4.6-1ubuntu2
	9.04 jaunty	Fixed 1.4.6-1ubuntu2
	8.10 intrepid	Fixed 1.4.6-1ubuntu2
	8.04 LTS hardy	Fixed 1.4.6-1ubuntu2
	7.10 gutsy	Fixed 1.4.6-1ubuntu2
	7.04 feisty	Fixed 1.4.6-1ubuntu2
	6.10 edgy	Fixed 1.4.3-2ubuntu3.3
	6.06 LTS dapper	Fixed 1.4.2.2-1ubuntu2.5
gnupg2	9.10 karmic	Fixed 2.0.3-1ubuntu1
	9.04 jaunty	Fixed 2.0.3-1ubuntu1
	8.10 intrepid	Fixed 2.0.3-1ubuntu1
	8.04 LTS hardy	Fixed 2.0.3-1ubuntu1
	7.10 gutsy	Fixed 2.0.3-1ubuntu1
	7.04 feisty	Fixed 2.0.3-1ubuntu1
	6.10 edgy	Fixed 1.9.21-0ubuntu5.3
	6.06 LTS dapper	Ignored end of life

CVE-2006-3082

Status

References

Related Ubuntu Security Notices (USN)

Other references