CVE-2006-7095 — HIGH (10.0)

Q: How severe is CVE-2006-7095?

CVE-2006-7095 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-7095?

Check the references section above for vendor advisories and patch information. Affected products include: Klink Dim3.

Vulnerability Description

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Klink	Dim3	<= 1.5

References

http://aluigi.altervista.org/adv/dim3bof-adv.txtExploitVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26082
http://aluigi.altervista.org/adv/dim3bof-adv.txtExploitVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26082

FAQ

What is CVE-2006-7095?

CVE-2006-7095 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and po...

How severe is CVE-2006-7095?

CVE-2006-7095 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-7095?

Check the references section above for vendor advisories and patch information. Affected products include: Klink Dim3.