Vulnerability Description
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gzip | Gzip | 1.3.5 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/21996
- http://secunia.com/advisories/22002
- http://secunia.com/advisories/22009
- http://secunia.com/advisories/22012
- http://secunia.com/advisories/22017
- http://secunia.com/advisories/22027
- http://secunia.com/advisories/22033
- http://secunia.com/advisories/22034
- http://secunia.com/advisories/22043
- http://secunia.com/advisories/22085
- http://secunia.com/advisories/22101
FAQ
What is CVE-2006-4335?
CVE-2006-4335 is a vulnerability with a CVSS score of 7.5 (HIGH). Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of ser...
How severe is CVE-2006-4335?
CVE-2006-4335 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4335?
Check the references section above for vendor advisories and patch information. Affected products include: Gzip 1.3.5.