Gnu · Gnupg · CVE-2006-3082
**Name of the Vulnerable Software and Affected Versions**
GnuPG (gpg) versions 1.4.3 and 1.9.20, and earlier versions
**Description**
The issue allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow. This can be demonstrated using the --no-armor option.
**Recommendations**
For GnuPG (gpg) versions 1.4.3 and 1.9.20, and earlier versions, update to a newer version to mitigate the risk.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.