Vulnerability Name: | CVE-2006-3251 (CCN-27422) |
Assigned: | 2006-06-26 |
Published: | 2006-06-26 |
Updated: | 2017-07-20 |
Summary: | Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2006-3251
Source: CCN Type: SA20800 Hashcash "array_push" Buffer Overflow Vulnerability
Source: SECUNIA Type: Vendor Advisory 20800
Source: SECUNIA Type: Vendor Advisory 20846
Source: SECUNIA Type: Vendor Advisory 21146
Source: DEBIAN Type: UNKNOWN DSA-1114
Source: DEBIAN Type: DSA-1114 hashcash -- buffer overflow
Source: CCN Type: GLSA-200606-25 Hashcash: Possible heap overflow
Source: GENTOO Type: UNKNOWN GLSA-200606-25
Source: CCN Type: Hashcash Web site Hashcash
Source: CONFIRM Type: UNKNOWN http://www.hashcash.org/source/CHANGELOG
Source: CCN Type: OSVDB ID: 26865 Hashcash array_push Function Overflow
Source: BID Type: Patch 18659
Source: CCN Type: BID-18659 Hashcash Remote Heap Buffer Overflow Vulnerability
Source: VUPEN Type: Vendor Advisory ADV-2006-2551
Source: XF Type: UNKNOWN hashcash-arraypush-bo(27422)
Source: XF Type: UNKNOWN hashcash-arraypush-bo(27422)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:hashcash:hashcash:1.00:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.01:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.02:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.03:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.04:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.05:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.06:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.07:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.08:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.09:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.10:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.11:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.12:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.13:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.14:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.15:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.16:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.17:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.18:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:1.19:*:*:*:*:*:*:*OR cpe:/a:hashcash:hashcash:*:*:*:*:*:*:*:* (Version <= 1.20)
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |