Vulnerability Details : CVE-2006-3746
Potential exploit
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2006-3746
- cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3746
- 32.69%: Probability of exploitation activity in the next 30 days
- ~ 96 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3746
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
References for CVE-2006-3746
- http://www.securityfocus.com/archive/1/442012/100/0/threaded
- http://issues.rpath.com/browse/RPL-560
- http://security.gentoo.org/glsa/glsa-200608-08.xml
  GnuPG: Integer overflow vulnerability (GLSA 200608-08) — Gentoo security
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:141
  Mandriva
- http://www.vupen.com/english/advisories/2006/3123
- http://www.redhat.com/support/errata/RHSA-2006-0615.html
  Support
- http://www.novell.com/linux/security/advisories/2006_20_sr.html
- http://www.securityfocus.com/bid/19110
  Exploit
- http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1
- http://lwn.net/Alerts/194228/
  Trustix alert TSLSA-2006-0044 (apache, gnupg, libtiff) [LWN.net]
- http://securitytracker.com/id?1016622
- http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm
  ASA-2006-164 (RHSA-2006-0615)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28220
  GnuPG parse_comment() integer overflow CVE-2006-3746 Vulnerability Report
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502
  200502 – (CVE-2006-3746) CVE-2006-3746 GnuPG Parse_Comment Remote Buffer Overflow
  Exploit
- http://www.debian.org/security/2006/dsa-1140
  [SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service
- http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
  Exploit
- http://www.gossamer-threads.com/lists/gnupg/devel/37623
- http://www.securityfocus.com/archive/1/442621/100/100/threaded
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347
- http://www.ubuntu.com/usn/usn-332-1
  USN-332-1: gnupg vulnerability | Ubuntu security notices | Ubuntu
- http://www.debian.org/security/2006/dsa-1141
  [SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service