Vulnerability CVE-2006-4335: Information

Description

Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2006-4335
Published: Sept. 20, 2006
Modified: Oct. 18, 2018

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
    RHSA-2006:0667
      USN-349-1
        DSA-1181
          FreeBSD-SA-06:21
            SSA:2006-262
              22002
                22009
                  22017
                    22033
                      22034
                        VU#381508
                        • US Government Resource
                        22012
                          22043
                            GLSA-200609-13
                              OpenPKG-SA-2006.020
                                SUSE-SA:2006:056
                                  22085
                                    22101
                                      2006-0052
                                        22027
                                          1016883
                                            http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
                                              22435
                                                20061001-01-P
                                                  20101
                                                    22661
                                                      22487
                                                        APPLE-SA-2006-11-28
                                                          GLSA-200611-24
                                                            TA06-333A
                                                            • US Government Resource
                                                            23153
                                                              23155
                                                                23156
                                                                  21996
                                                                    102766
                                                                      23679
                                                                        https://issues.rpath.com/browse/RPL-615
                                                                          24435
                                                                            http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
                                                                              24636
                                                                                MDKSA-2006:167
                                                                                  ADV-2006-3695
                                                                                    ADV-2006-4760
                                                                                      ADV-2006-4275
                                                                                        ADV-2007-0092
                                                                                          ADV-2006-4750
                                                                                            ADV-2007-0832
                                                                                              ADV-2007-1171
                                                                                                http://docs.info.apple.com/article.html?artnum=304829
                                                                                                  gzip-lzh-array-code-execution(29040)
                                                                                                    oval:org.mitre.oval:def:10391
                                                                                                      20070330 VMSA-2007-0002 VMware ESX security updates
                                                                                                        HPSBUX02195
                                                                                                          FLSA:211760
                                                                                                            HPSBTU02168
                                                                                                              20060919 rPSA-2006-0170-1 gzip

                                                                                                                  1. Configuration 1

                                                                                                                    cpe:2.3:a:gzip:gzip:1.3.5:*:*:*:*:*:*:*
                                                                                                                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                                                                                                Version: v24.4.2
                                                                                                                Back to top