PT-2006-7571 · Gnu+1 · Gnupg+1
Tavis Ormandy · Published 1970-01-01 · Updated 2018-10-17 · CVE-2006-6235
| Metric | Value |
|---|---|
| CVSS v2.0 | 10 (High) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GnuPG versions 1.x before 1.4.6
GnuPG versions 2.x before 2.0.2
GnuPG versions 1.9.0 through 1.9.95
Description
This entry covers multiple vulnerabilities in the gpg package that can be exploited remotely and can compromise the confidentiality, integrity, and availability of protected information. In GnuPG, crafted OpenPGP packets cause a function pointer to be dereferenced from deallocated stack memory, which allows attackers to execute arbitrary code.
Recommendations
For GnuPG versions 1.x before 1.4.6, update to version 1.4.6 or later.
For GnuPG versions 2.x before 2.0.2, update to version 2.0.2 or later.
For GnuPG versions 1.9.0 through 1.9.95, update to a version outside of this range, such as version 1.4.6 or later, or version 2.0.2 or later.
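To check an installed build against the affected ranges listed above, the following added example (not part of the original advisory or of GnuPG) classifies the first line of `gpg --version` output. The function names and the sample version strings in the comments are constructed for illustration; the ranges are the three stated on this page.

```python
import re
import sys

# Affected ranges from this advisory as (first affected, first unaffected).
# The 1.9.x development series is listed on its own: a plain
# "older than 1.4.6" comparison would wrongly report it as safe.
AFFECTED = [
    ((1, 0, 0), (1, 4, 6)),   # 1.x before 1.4.6
    ((1, 9, 0), (1, 9, 96)),  # 1.9.0 through 1.9.95
    ((2, 0, 0), (2, 0, 2)),   # 2.x before 2.0.2
]

_VERSION_RE = re.compile(r"(?:\(GnuPG\)\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'gpg (GnuPG) 1.4.5' or '1.4.5'."""
    first_line = text.strip().splitlines()[0] if text.strip() else ""
    match = _VERSION_RE.search(first_line)
    if not match:
        raise ValueError("no GnuPG version found in: %r" % first_line)
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(text):
    """True if the version falls inside any range listed in the advisory."""
    version = parse_version(text)
    return any(low <= version < high for low, high in AFFECTED)


if __name__ == "__main__":
    # Usage: gpg --version | python3 check_gnupg.py
    banner = sys.stdin.readline()
    try:
        affected = is_affected(banner)
    except ValueError as exc:
        sys.exit("cannot determine version: %s" % exc)
    print("AFFECTED, update per the recommendations" if affected else "not in an affected range")
    sys.exit(1 if affected else 0)
```

The script exits non-zero for an affected version, so it can gate a configuration-management or CI step.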
Affected Products
Gnupg
Red Hat