Total vulnerabilities in the database
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
| Software | From | Fixed in |
|---|---|---|
| gnupg / gnupg | 1.4.3 | 1.4.3.x |
| gnupg / gnupg | - | 1.9.20.x |