Lucene search

[email protected]CVE-2006-4337

HistorySep 19, 2006 - 9:07 p.m.

CVE-2006-4337

2006-09-1921:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4337

buffer overflow

gzip

lhz

arbitrary code execution

security vulnerability

nvd

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.8%

JSON

Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.

CPENameOperatorVersion
gzip:gzipgzipeq1.3.5

CPE	Name	Operator	Version
gzip:gzip	gzip	eq	1.3.5

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

docs.info.apple.com/article.html?artnum=304829

lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

secunia.com/advisories/21996

secunia.com/advisories/22002

secunia.com/advisories/22009

secunia.com/advisories/22012

secunia.com/advisories/22017

secunia.com/advisories/22027

secunia.com/advisories/22033

secunia.com/advisories/22034

secunia.com/advisories/22043

secunia.com/advisories/22085

secunia.com/advisories/22101

secunia.com/advisories/22435

secunia.com/advisories/22487

secunia.com/advisories/22661

secunia.com/advisories/23153

secunia.com/advisories/23155

secunia.com/advisories/23156

secunia.com/advisories/23679

secunia.com/advisories/24435

secunia.com/advisories/24636

security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc

security.gentoo.org/glsa/glsa-200609-13.xml

securitytracker.com/id?1016883

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852

sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1

support.avaya.com/elmodocs2/security/ASA-2006-218.htm

www.gentoo.org/security/en/glsa/glsa-200611-24.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:167

www.novell.com/linux/security/advisories/2006_56_gzip.html

www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html

www.redhat.com/support/errata/RHSA-2006-0667.html

www.securityfocus.com/archive/1/446426/100/0/threaded

www.securityfocus.com/archive/1/450078/100/0/threaded

www.securityfocus.com/archive/1/451324/100/0/threaded

www.securityfocus.com/archive/1/462007/100/0/threaded

www.securityfocus.com/archive/1/464268/100/0/threaded

www.securityfocus.com/bid/20101

www.trustix.org/errata/2006/0052/

www.ubuntu.com/usn/usn-349-1

www.us-cert.gov/cas/techalerts/TA06-333A.html

www.us.debian.org/security/2006/dsa-1181

www.vmware.com/support/esx25/doc/esx-254-200702-patch.html

www.vupen.com/english/advisories/2006/3695

www.vupen.com/english/advisories/2006/4275

www.vupen.com/english/advisories/2006/4750

www.vupen.com/english/advisories/2006/4760

www.vupen.com/english/advisories/2007/0092

www.vupen.com/english/advisories/2007/0832

www.vupen.com/english/advisories/2007/1171

issues.rpath.com/browse/RPL-615

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11212

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2006-4337

debiancve1 veracode1 ubuntucve1 cert1 altlinux1 openvas18 nessus15 gentoo2 securityvulns3 redhat1 centos2 freebsd1 debian1 suse1 freebsd_advisory1 oraclelinux1 osv1 ubuntu1 slackware1 seebug1