7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
90.8%
The gzip program contains a buffer underflow vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition.
The gzip program is used to compress and decompress archived files.
A buffer underflow vulnerability exists in gzip. An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted gzip file.
Note that the attacker could either convince a user to open a malicious gzip file, or save the file in a place where another program would call gzip to decompress the archive.
A remote, unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Upgrade
This issue has been addressed in gzip 1.3.6. See the systems affected section of this document for information about specific vendors.
**Workarounds **Until updates can be applied, the following workarounds may mitigate the impact of this vulnerability:
* Do not decompress gzip files that are received from unknown sources.
* Do not execute gzip with system-level privileges.
* Some automated processes may rely on gzip to complete their tasks. When possible, disable such programs or do not allow them to execute gzip with root privileges.
554780
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: September 08, 2006 Updated: December 05, 2006
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://docs.info.apple.com/article.html?artnum=304829> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Updated: October 04, 2006
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00274.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Notified: September 08, 2006 Updated: September 29, 2006
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Notified: September 08, 2006 Updated: September 20, 2006
Affected
These bugs have been fixed in the gzip package included in Openwall GNU/*/Linux (Owl) -current and 2.0-stable as of 2006/09/19.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 20, 2006
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://rhn.redhat.com/errata/RHSA-2006-0667.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Notified: September 08, 2006 Updated: September 25, 2006
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Notified: September 08, 2006 Updated: September 22, 2006
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://www.ubuntu.com/usn/usn-349-1> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Notified: September 08, 2006 Updated: July 27, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: July 22, 2011
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 18, 2006
Not Affected
Global Technology Associates, Inc. has examined this issue and is pleased to report this issue does not impact any versions (current and past) of the GTA firewall products.
To report potential security vulnerabilities in GTA products, send an E-mail message to: [email protected].
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 20, 2006
Not Affected
Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 20, 2006
Statement Date: September 20, 2006
Not Affected
Intoto products do not use gzip component in any of its products, so the gzip vulnerabilities documented in this CERT vulnerability note do not affect Intoto products.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: March 07, 2007
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://software.fujitsu.com/jp/security/vulnerabilities/vu381508-9337> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554780 Feedback>).
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 08, 2006 Updated: September 08, 2006
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 98 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Tavis Ormandy, Google Security Team for reporting this issue.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-4336 |
---|---|
Severity Metric: | 1.57 Date Public: |