Vulnerability Description
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gzip | Gzip | 1.3.5 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/21996
- http://secunia.com/advisories/22002
- http://secunia.com/advisories/22009 (Vendor Advisory)
- http://secunia.com/advisories/22012 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22017 (Vendor Advisory)
- http://secunia.com/advisories/22027
- http://secunia.com/advisories/22033 (Vendor Advisory)
- http://secunia.com/advisories/22034 (Vendor Advisory)
- http://secunia.com/advisories/22043 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22085
- http://secunia.com/advisories/22101
FAQ
What is CVE-2006-4336?
CVE-2006-4336 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative inde...
How severe is CVE-2006-4336?
CVE-2006-4336 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4336?
Check the references section above for vendor advisories and patch information. Affected products include: Gzip Gzip.