CVE-2006-3082

GnuPG < 1.9.20 - Denial of Service via Large Message Packet Length

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3082. PoCs published by Evgeny Legerov.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in GnuPG by feeding malformed input via a Perl one-liner. The payload is designed to trigger the overflow, potentially allowing arbitrary code execution, though this has not been confirmed.

Description

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Evgeny Legerov · textdoslinux

https://www.exploit-db.com/exploits/28077

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in GnuPG by feeding malformed input via a Perl one-liner. The payload is designed to trigger the overflow, potentially allowing arbitrary code execution, though this has not been confirmed.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: GnuPG versions 1.4.3 and 1.9.20

No auth needed

Prerequisites: GnuPG installed and accessible via command line

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (33)

Core 33

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20899

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20968

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20881

Various Sources x_refsource_confirm

http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/438751/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20783

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1107

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20811

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_18_sr.html

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/lists/fulldisclosure/2006/May/0782.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21063

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21135

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20829

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2450

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/lists/fulldisclosure/2006/May/0789.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20801

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/lists/fulldisclosure/2006/May/0774.html

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18554

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/304-1/

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_38_security.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2006-0571.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:110

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1115

Vendor Advisory vendor-advisory x_refsource_openpkg

http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21137

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21143

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21585

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016519

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27245

Scores

EPSS 0.0717

EPSS Percentile 93.5%

Details

CWE

CWE-189

Status published

Products (2)

gnupg/gnupg 1.4.3

gnupg/gnupg < 1.9.20

Published Jun 19, 2006

Tracked Since Feb 18, 2026