CVE-2006-6235

Publication date 7 December 2006

Last updated 24 July 2024

Ubuntu priority

A “stack overwrite” vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
gnupg	9.10 karmic	Fixed 1.4.6-1ubuntu2
	9.04 jaunty	Fixed 1.4.6-1ubuntu2
	8.10 intrepid	Fixed 1.4.6-1ubuntu2
	8.04 LTS hardy	Fixed 1.4.6-1ubuntu2
	7.10 gutsy	Fixed 1.4.6-1ubuntu2
	7.04 feisty	Fixed 1.4.6-1ubuntu2
	6.10 edgy	Fixed 1.4.3-2ubuntu3.3
	6.06 LTS dapper	Fixed 1.4.2.2-1ubuntu2.5
gnupg2	9.10 karmic	Fixed 2.0.3-1ubuntu1
	9.04 jaunty	Fixed 2.0.3-1ubuntu1
	8.10 intrepid	Fixed 2.0.3-1ubuntu1
	8.04 LTS hardy	Fixed 2.0.3-1ubuntu1
	7.10 gutsy	Fixed 2.0.3-1ubuntu1
	7.04 feisty	Fixed 2.0.3-1ubuntu1
	6.10 edgy	Fixed 1.9.21-0ubuntu5.3
	6.06 LTS dapper	Ignored end of life

References

Related Ubuntu Security Notices (USN)

USN-393-1
GnuPG vulnerability
7 December 2006

USN-393-2
GnuPG2 vulnerabilities
7 December 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-6235