7.5

CVE-2006-2362

Exploit
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuBinutils Version < 2.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.97% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://secunia.com/advisories/22932
Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_26_sr.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/20188
Third Party Advisory
http://secunia.com/advisories/20531
Third Party Advisory
http://secunia.com/advisories/20550
Third Party Advisory
http://secunia.com/advisories/27441
Third Party Advisory
http://sourceware.org/bugzilla/show_bug.cgi?id=2584
Third Party Advisory
Exploit
Issue Tracking
http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.html
Mailing List
Issue Tracking
http://www.securityfocus.com/bid/17950
Patch
Third Party Advisory
Exploit
VDB Entry
http://www.securitytracker.com/id?1018872
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2006/0034/
Broken Link
http://www.ubuntu.com/usn/usn-292-1
Broken Link
http://www.vupen.com/english/advisories/2006/1924
Permissions Required
http://www.vupen.com/english/advisories/2007/3665
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/26644
Third Party Advisory
VDB Entry