Unrated severityNVD Advisory· Published Mar 13, 2006· Updated Apr 16, 2026
CVE-2006-0049
CVE-2006-0049
Description
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Affected products
24cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
31- lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.htmlnvdPatchVendor Advisory
- secunia.com/advisories/19173nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- www.debian.org/security/2006/dsa-993nvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200603-08.xmlnvdPatchVendor Advisory
- www.osvdb.org/23790nvdPatch
- www.securityfocus.com/bid/17058nvdPatch
- patches.sgi.com/support/free/security/advisories/20060401-01-Unvd
- lists.suse.de/archive/suse-security-announce/2006-Mar/0003.htmlnvd
- secunia.com/advisories/19197nvd
- secunia.com/advisories/19203nvd
- secunia.com/advisories/19231nvd
- secunia.com/advisories/19232nvd
- secunia.com/advisories/19234nvd
- secunia.com/advisories/19244nvd
- secunia.com/advisories/19249nvd
- secunia.com/advisories/19287nvd
- secunia.com/advisories/19532nvd
- securityreason.com/securityalert/450nvd
- securityreason.com/securityalert/568nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0266.htmlnvd
- www.securityfocus.com/archive/1/427324/100/0/threadednvd
- www.securityfocus.com/archive/1/433931/100/0/threadednvd
- www.slackware.com/security/viewer.phpnvd
- www.trustix.org/errata/2006/0014nvd
- www.vupen.com/english/advisories/2006/0915nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25184nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063nvd
- usn.ubuntu.com/264-1/nvd
News mentions
0No linked articles in our index yet.