gnupg vulnerability

2006-06-2700:00:00

ubuntu.com

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.741 High

EPSS

Percentile

98.1%

JSON

Releases

Ubuntu 6.06
Ubuntu 5.10
Ubuntu 5.04

Details

Evgeny Legerov discovered that GnuPG did not sufficiently check overly
large user ID packets. Specially crafted user IDs caused a buffer
overflow. By tricking an user or remote automated system into
processing a malicous GnuPG message, an attacker could exploit this to
crash GnuPG or possibly even execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchgnupg< 1.4.2.2-1ubuntu2.1UNKNOWN
Ubuntu5.10noarchgnupg< 1.4.1-1ubuntu1.3UNKNOWN
Ubuntu5.04noarchgnupg< 1.2.5-3ubuntu5.4UNKNOWN