CVE-2006-6235

N/A Unknown

Published: December 07, 2006 Modified: April 23, 2026

Description

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc

Source: cve@mitre.org

http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html

Source: cve@mitre.org

http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html

Source: cve@mitre.org

http://secunia.com/advisories/23245

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/23250

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/23255

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/23259

Source: cve@mitre.org

http://secunia.com/advisories/23269

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/23284

Source: cve@mitre.org

http://secunia.com/advisories/23290

Source: cve@mitre.org

http://secunia.com/advisories/23299

Source: cve@mitre.org

http://secunia.com/advisories/23303

Source: cve@mitre.org

http://secunia.com/advisories/23329

Source: cve@mitre.org

http://secunia.com/advisories/23335

Source: cve@mitre.org

http://secunia.com/advisories/23513

Source: cve@mitre.org

http://secunia.com/advisories/24047

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200612-03.xml

Source: cve@mitre.org

http://securitytracker.com/id?1017349

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1231

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/427009

Source: cve@mitre.org

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:228

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_28_sr.html

Source: cve@mitre.org

http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0754.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/453664/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/453723/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21462

Source: cve@mitre.org

Vendor Advisory

http://www.trustix.org/errata/2006/0070

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-393-1

Source: cve@mitre.org

Patch

http://www.ubuntu.com/usn/usn-393-2

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4881

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/30711

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-835

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc