CVE-2006-4335

2006-09-1900:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Array index error in the make_table function in unlzh.c in the LZH
decompression component in gzip 1.3.5, when running on certain platforms,
allows context-dependent attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted GZIP archive that triggers an
out-of-bounds write, aka a “stack modification vulnerability.”

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchgzip< 1.3.5-12ubuntu0.1UNKNOWN
ubuntu6.10noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu7.04noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu7.10noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu8.04noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu8.10noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu9.04noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu9.10noarchgzip< 1.3.5-14ubuntu1UNKNOWN
ubuntu7.04noarchlha< 1.14i-10.1UNKNOWN
ubuntu7.10noarchlha< 1.14i-10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	gzip	< 1.3.5-12ubuntu0.1	UNKNOWN
ubuntu	6.10	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	7.04	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	7.10	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	8.04	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	8.10	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	9.04	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	9.10	noarch	gzip	< 1.3.5-14ubuntu1	UNKNOWN
ubuntu	7.04	noarch	lha	< 1.14i-10.1	UNKNOWN
ubuntu	7.10	noarch	lha	< 1.14i-10.1	UNKNOWN