[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1168Date: (C)2006-08-14   (M)2023-12-22


The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
-1016836
-19455
20060901-01-P
-21427
-21434
-21437
-21467
-21880
-22036
-22296
-22377
ADV-2006-3234
DSA-1149
GLSA-200610-03
MDKSA-2006:140
MDVSA-2012:129
RHSA-2006:0663
RHSA-2012:0810
SUSE-SR:2006:020
http://bugs.gentoo.org/show_bug.cgi?id=141728
http://downloads.avaya.com/css/P8/documents/100158840
http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm
https://bugzilla.redhat.com/show_bug.cgi?id=728536
ncompress-decompress-underflow(28315)
oval:org.mitre.oval:def:9373

OVAL    8
oval:org.secpod.oval:def:1601288
oval:org.secpod.oval:def:500753
oval:org.secpod.oval:def:500835
oval:org.secpod.oval:def:302947
...

© SecPod Technologies