Vulnerability Description
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gzip | Gzip | 1.3.5 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/21996
- http://secunia.com/advisories/22002 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22009 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22012 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22017 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22027
- http://secunia.com/advisories/22033 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22034 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22043 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22085
- http://secunia.com/advisories/22101
FAQ
What is CVE-2006-4337?
CVE-2006-4337 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
How severe is CVE-2006-4337?
CVE-2006-4337 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4337?
Check the references section above for vendor advisories and patch information; the entries marked "Patch, Vendor Advisory" are the place to start. Affected products include: Gzip (vendor: Gzip), version 1.3.5.