Red Hat Bugzilla – Bug 195946
CVE-2006-3082 gnupg integer overflow
Last modified: 2007-11-30 17:11:35 EST
gnupg integer overflow
Text taken from MITRE:
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20 allows remote attackers
to cause a denial of service (gpg crash) and possibly overwrite memory
via a message packet with a large length, which could lead to an
integer overflow, as demonstrated using the --no-armor option.
This issue also affects FC4
gnupg-1.4.4-2 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Updates were pushed, but this didn't get closed. Weird.