Unrated severityNVD Advisory· Published Dec 7, 2006· Updated Apr 23, 2026
CVE-2006-6235
CVE-2006-6235
Description
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Affected products
31cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
35- secunia.com/advisories/23245nvdPatchVendor Advisory
- secunia.com/advisories/23250nvdPatchVendor Advisory
- secunia.com/advisories/23255nvdPatchVendor Advisory
- secunia.com/advisories/23269nvdPatchVendor Advisory
- www.ubuntu.com/usn/usn-393-1nvdPatch
- www.redhat.com/support/errata/RHSA-2006-0754.htmlnvdVendor Advisory
- www.securityfocus.com/bid/21462nvdVendor Advisory
- www.kb.cert.org/vuls/id/427009nvdUS Government Resource
- patches.sgi.com/support/free/security/advisories/20061201-01-P.ascnvd
- lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.htmlnvd
- lists.suse.com/archive/suse-security-announce/2006-Dec/0004.htmlnvd
- secunia.com/advisories/23259nvd
- secunia.com/advisories/23284nvd
- secunia.com/advisories/23290nvd
- secunia.com/advisories/23299nvd
- secunia.com/advisories/23303nvd
- secunia.com/advisories/23329nvd
- secunia.com/advisories/23335nvd
- secunia.com/advisories/23513nvd
- secunia.com/advisories/24047nvd
- security.gentoo.org/glsa/glsa-200612-03.xmlnvd
- securitytracker.com/idnvd
- support.avaya.com/elmodocs2/security/ASA-2007-047.htmnvd
- www.debian.org/security/2006/dsa-1231nvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_28_sr.htmlnvd
- www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.htmlnvd
- www.securityfocus.com/archive/1/453664/100/0/threadednvd
- www.securityfocus.com/archive/1/453723/100/0/threadednvd
- www.trustix.org/errata/2006/0070nvd
- www.ubuntu.com/usn/usn-393-2nvd
- www.vupen.com/english/advisories/2006/4881nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30711nvd
- issues.rpath.com/browse/RPL-835nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245nvd
News mentions
0No linked articles in our index yet.