| Vulnerability Name: | CVE-2006-2362 (CCN-26644) | ||||||||
| Assigned: | 2006-05-15 | ||||||||
| Published: | 2006-05-15 | ||||||||
| Updated: | 2020-01-29 | ||||||||
| Summary: | Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) | ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C); 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) | ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2362
Source: CCN Type: Apple Web site About the security content of Xcode Tools 2.5
Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2007-10-30
Source: CCN Type: Apple Product Security Mailing List, Tue, 30 Oct 2007 15:13:10 -0700 APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools
Source: CCN Type: SA20188 GNU Binutils libbfd TekHex Record Handling Vulnerability
Source: SECUNIA Type: Third Party Advisory 20188
Source: SECUNIA Type: Third Party Advisory 20531
Source: SECUNIA Type: Third Party Advisory 20550
Source: SECUNIA Type: Third Party Advisory 22932
Source: CCN Type: SA27441 Apple Xcode Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 27441
Source: CCN Type: SECTRACK ID: 1018872 Apple Xcode Bugs Let Local Users Gain System Privileges
Source: CCN Type: Sourceware Bugzilla Bug 2584 SIGSEGV in strings tool when the file is crafted.
Source: CONFIRM Type: Exploit, Issue Tracking, Third Party Advisory http://sourceware.org/bugzilla/show_bug.cgi?id=2584
Source: CCN Type: GNU Web site Binutils
Source: MLIST Type: Exploit, Third Party Advisory [bug-binutils] 20060418 [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.
Source: SUSE Type: Third Party Advisory SUSE-SR:2006:026
Source: CCN Type: OpenPKG-SA-2006.009 GNU Binutils
Source: CCN Type: OSVDB ID: 25711 GNU Binutils libbfd Malformed TekHex Record Processing Overflow
Source: BID Type: Exploit, Patch, Third Party Advisory, VDB Entry 17950
Source: CCN Type: BID-17950 GNU BinUtils Buffer Overflow Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1018872
Source: TRUSTIX Type: Broken Link 2006-0034
Source: CCN Type: USN-292-1 binutils vulnerability
Source: UBUNTU Type: Broken Link USN-292-1
Source: VUPEN Type: Permissions Required ADV-2006-1924
Source: VUPEN Type: Permissions Required ADV-2007-3665
Source: XF Type: Third Party Advisory, VDB Entry binutils-libbfd-bo(26644)
Source: XF Type: UNKNOWN binutils-libbfd-bo(26644)
Source: SUSE Type: SUSE-SR:2006:026 SUSE Security Summary Report | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||