CVE-2006-3082
gnupg2 - integer overflow
EPSS 30.3%
Description
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
How to fix CVE-2006-3082
To remediate CVE-2006-3082, upgrade the affected package to one of the fixed versions listed below.
- Debian/gnupg—upgrade to 1.4.1-1.sarge4 or later
- Debian/gnupg—upgrade to 1.4.1-1.sarge4 or later
- —upgrade to 1.9.20-1.1 or later
- —upgrade to 1.9.15-6sarge1 or later
Is CVE-2006-3082 being exploited?
Moderate — EPSS is 30.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 1.4.1-1.sarge4
- from 0, < 1.4.1-1.sarge4
- from 0, < 1.9.20-1.1
- from 0, < 1.9.15-6sarge1