CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Published: 2006-12-07 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-6235 is rated High Risk (72.6/100): CVSS Critical severity, with high exploitation likelihood (EPSS 8.90%, 92th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-6235

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-07-26 8.58% 8.90% +0.32%
2 2025-03-30 14.48% 8.58% -5.90%
3 2025-03-29 14.48%

Full EPSS history (14 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-6235

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2006-6235

OS Trackers for CVE-2006-6235

vendor priority summary link
alpine CVE-2006-6235: no source package rows; 0 state rows across 0 repos (none); fixed 0, open 0. https://security.alpinelinux.org/vuln/CVE-2006-6235
debian high CVE-2006-6235 high priority: Debian including 1 source packages (gnupg2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2006-6235
gentoo normal CVE-2006-6235: 1 GLSA(s) (200612-03), 1 atom(s) (app-crypt/gnupg); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-6235
redhat high https://access.redhat.com/security/cve/CVE-2006-6235
ubuntu medium CVE-2006-6235 medium priority: Ubuntu including 2 source packages (gnupg, gnupg2), 18 status rows across 9 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, upstream): released 15, needs-triage 2, ignored 1. https://ubuntu.com/security/CVE-2006-6235

Vendor comments (NVD) for CVE-2006-6235

  • Red Hat (2007-03-14T00:00:00)

    Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Affected software / configurations for CVE-2006-6235

Vendor Product Version Raw CPE
gnu privacy_guard 1.2.4 cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*
gnu privacy_guard 1.2.5 cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*
gnu privacy_guard 1.2.6 cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*
gnu privacy_guard 1.2.7 cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*
gnu privacy_guard 1.3.3 cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*
gnu privacy_guard 1.3.4 cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*
gnu privacy_guard 1.4 cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*
gnu privacy_guard 1.4.1 cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*
gnu privacy_guard 1.4.2 cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*
gnu privacy_guard 1.4.2.1 cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*
gnu privacy_guard 1.4.2.2 cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*
gnu privacy_guard 1.4.3 cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*
gnu privacy_guard 1.4.4 cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*
gnu privacy_guard 1.4.5 cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*
gnu privacy_guard 1.9.10 cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*
gnu privacy_guard 1.9.15 cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*
gnu privacy_guard 1.9.20 cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*
gnu privacy_guard 2.0 cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*
gnu privacy_guard 2.0.1 cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*
gpg4win gpg4win 1.0.7 cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*
redhat enterprise_linux 4.0 cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
redhat enterprise_linux 4.0 cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
redhat enterprise_linux 4.0 cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
redhat enterprise_linux_desktop 3.0 cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 4.0 cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
redhat fedora_core core_5.0 cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
redhat fedora_core core6 cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*
redhat linux_advanced_workstation 2.1 cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
rpath linux 1 cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*
slackware slackware_linux 11.0 cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
ubuntu ubuntu_linux 5.10 cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
ubuntu ubuntu_linux 6.06 cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*

References for CVE-2006-6235

URL Tags
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
http://secunia.com/advisories/23245 Patch Vendor Advisory
http://secunia.com/advisories/23250 Patch Vendor Advisory
http://secunia.com/advisories/23255 Patch Vendor Advisory
http://secunia.com/advisories/23259
http://secunia.com/advisories/23269 Patch Vendor Advisory
http://secunia.com/advisories/23284
http://secunia.com/advisories/23290
http://secunia.com/advisories/23299
http://secunia.com/advisories/23303
http://secunia.com/advisories/23329
http://secunia.com/advisories/23335
http://secunia.com/advisories/23513
http://secunia.com/advisories/24047
http://security.gentoo.org/glsa/glsa-200612-03.xml
http://securitytracker.com/id?1017349
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
http://www.debian.org/security/2006/dsa-1231
http://www.kb.cert.org/vuls/id/427009 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
http://www.redhat.com/support/errata/RHSA-2006-0754.html Vendor Advisory
http://www.securityfocus.com/archive/1/453664/100/0/threaded
http://www.securityfocus.com/archive/1/453723/100/0/threaded
http://www.securityfocus.com/bid/21462 Vendor Advisory
http://www.trustix.org/errata/2006/0070
http://www.ubuntu.com/usn/usn-393-1 Patch
http://www.ubuntu.com/usn/usn-393-2
http://www.vupen.com/english/advisories/2006/4881
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
https://issues.rpath.com/browse/RPL-835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245
cvelogic Threat Intelligence