parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the –no-armor option.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gnupg | Gnupg | 1.4.3 | 1.4.3 |
Gnupg | Gnupg | * | 1.9.20 |