CVE-2006-6235

Description

A stack overwrite vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Risk Information

Base Score

9.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

8.898

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2006-6235 are affected in Gpg4win 1.0.7	Windows
Vulnerabilities CVE-2003-0978,CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.3.3	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.2.4	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.2.5	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.2.6	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.2.7	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.3.4	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.1	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-0455,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.2	Windows
Vulnerabilities CVE-2006-0049,CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.2.1	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.2.2	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.3	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.4	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.4.5	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.9.10	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.9.15	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 1.9.20	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 2.0	Windows
Vulnerabilities CVE-2006-6235 are affected in GNU Privacy Guard (x64) 2.0.1	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-348274	Gpg4win (4.4.1)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)
PATCH-355070	GNU Privacy Guard (x64) (2.5.16)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234