CVE-2006-6235

NameCVE-2006-6235
DescriptionA "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1231-1
Debian Bugs401894, 401895, 401898, 401913, 401914

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnupg2 (PTS)bullseye (security), bullseye2.2.27-2+deb11u2fixed
bookworm2.2.40-1.1fixed
trixie2.2.43-7fixed
sid2.2.43-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnupgsourcesarge1.4.1-1.sarge6DSA-1231-1
gnupgsource(unstable)1.4.6-1high401894, 401898, 401914
gnupg2source(unstable)2.0.0-5.2high401895, 401913
Search for package or bug name: Reporting problems