CVE-2006-6235

Description

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

How to fix CVE-2006-6235

To remediate CVE-2006-6235, upgrade the affected package to a fixed version below.

• Debian/gnupg2—upgrade to 2.0.0-5.2 or later

Is CVE-2006-6235 being exploited?

Moderate — EPSS is 8.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2.0.0-5.2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-6235