Search for vulnerabilities
Vulnerability details: VCID-f39q-urf2-aaas
Vulnerability ID VCID-f39q-urf2-aaas
Aliases CVE-2006-6235
Summary A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2006:0754
epss 0.05229 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05229 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05229 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.05424 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.08582 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
epss 0.14478 https://api.first.org/data/v1/epss?cve=CVE-2006-6235
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1618242
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2006-6235
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6235.json
https://api.first.org/data/v1/epss?cve=CVE-2006-6235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
http://secunia.com/advisories/23245
http://secunia.com/advisories/23250
http://secunia.com/advisories/23255
http://secunia.com/advisories/23259
http://secunia.com/advisories/23269
http://secunia.com/advisories/23284
http://secunia.com/advisories/23290
http://secunia.com/advisories/23299
http://secunia.com/advisories/23303
http://secunia.com/advisories/23329
http://secunia.com/advisories/23335
http://secunia.com/advisories/23513
http://secunia.com/advisories/24047
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://securitytracker.com/id?1017349
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
https://issues.rpath.com/browse/RPL-835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://www.debian.org/security/2006/dsa-1231
http://www.kb.cert.org/vuls/id/427009
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://www.redhat.com/support/errata/RHSA-2006-0754.html
http://www.securityfocus.com/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/453723/100/0/threaded
http://www.securityfocus.com/bid/21462
http://www.trustix.org/errata/2006/0070
http://www.ubuntu.com/usn/usn-393-1
http://www.ubuntu.com/usn/usn-393-2
http://www.vupen.com/english/advisories/2006/4881
1618242 https://bugzilla.redhat.com/show_bug.cgi?id=1618242
401894 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401894
cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*
cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
CVE-2006-6235 https://nvd.nist.gov/vuln/detail/CVE-2006-6235
GLSA-200612-03 https://security.gentoo.org/glsa/200612-03
RHSA-2006:0754 https://access.redhat.com/errata/RHSA-2006:0754
USN-393-1 https://usn.ubuntu.com/393-1/
USN-393-2 https://usn.ubuntu.com/393-2/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2006-6235
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92904
EPSS Score 0.05229
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.