Lucene search

[email protected]CVE-2006-1356

HistoryMar 22, 2006 - 2:02 a.m.

CVE-2006-1356

2006-03-2202:02:00

[email protected]

web.nvd.nist.gov

cve-2006-1356

information security

buffer overflow

libvc

rolo

arbitrary code execution

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line.

Affected configurations

NVD

Node

andrew_hsulibvcMatch3

andrew_hsuroloMatch11

CPENameOperatorVersion
andrew_hsu:libvcandrew hsu libvceq3
andrew_hsu:roloandrew hsu roloeq11

CPE	Name	Operator	Version
andrew_hsu:libvc	andrew hsu libvc	eq	3
andrew_hsu:rolo	andrew hsu rolo	eq	11

References

osvdb.org/ref/23/23985-libvc.txt

secunia.com/advisories/19295

www.osvdb.org/23985

www.securityfocus.com/bid/17237

exchange.xforce.ibmcloud.com/vulnerabilities/25430

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2006-1356

debiancve1 nvd1 prion1 cvelist1 ubuntucve1