Vulnerability DatabaseCVE-2006-6169
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-6169
November 29, 2006
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
Related ResourcesĀ (35)
http://www.redhat.com/support/errata/RHSA-2006-0754.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228
http://www.mandriva.com/security/advisories?name=MDKSA-2006:221
http://secunia.com/advisories/23161
http://secunia.com/advisories/23299
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
https://bugs.g10code.com/gnupg/issue728
http://www.ubuntu.com/usn/usn-389-1
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://secunia.com/advisories/23513
http://www.debian.org/security/2006/dsa-1231
http://www.vupen.com/english/advisories/2006/4736
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://secunia.com/advisories/23269
http://www.securityfocus.com/archive/1/452829/100/0/threaded
http://securitytracker.com/id?1017291
http://www.ubuntu.com/usn/usn-393-2
http://secunia.com/advisories/23303
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://secunia.com/advisories/24047
http://www.trustix.org/errata/2006/0068/
http://www.securityfocus.com/archive/1/453253/100/100/threaded
http://secunia.com/advisories/23110
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
http://www.securityfocus.com/bid/21306
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-6169
http://securityreason.com/securityalert/1927
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://secunia.com/advisories/23094
https://exchange.xforce.ibmcloud.com/vulnerabilities/30550
http://secunia.com/advisories/23250
http://secunia.com/advisories/23171
https://issues.rpath.com/browse/RPL-826
http://secunia.com/advisories/23284
http://secunia.com/advisories/23146
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
2.65