CVE-2006-2362
Last modified
CVE-2006-2362 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.. EPSS estimates a 11.97% chance of exploitation in the next 30 days.
Description
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | < 2.17 |
References
- http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/20188Third Party Advisory
- http://secunia.com/advisories/20531Third Party Advisory
- http://secunia.com/advisories/20550Third Party Advisory
- http://secunia.com/advisories/22932Third Party Advisory
- http://secunia.com/advisories/27441Third Party Advisory
- http://sourceware.org/bugzilla/show_bug.cgi?id=2584Exploit, Issue Tracking, Third Party Advisory
- http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.htmlIssue Tracking, Mailing List
- http://www.novell.com/linux/security/advisories/2006_26_sr.htmlThird Party Advisory
- http://www.securityfocus.com/bid/17950Exploit, Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1018872Third Party Advisory, VDB Entry
- http://www.trustix.org/errata/2006/0034/Broken Link
- http://www.ubuntu.com/usn/usn-292-1Broken Link
- http://www.vupen.com/english/advisories/2006/1924Permissions Required
- http://www.vupen.com/english/advisories/2007/3665Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26644Third Party Advisory, VDB Entry
- http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/20188Third Party Advisory
- http://secunia.com/advisories/20531Third Party Advisory
- http://secunia.com/advisories/20550Third Party Advisory
- http://secunia.com/advisories/22932Third Party Advisory
- http://secunia.com/advisories/27441Third Party Advisory
- http://sourceware.org/bugzilla/show_bug.cgi?id=2584Exploit, Issue Tracking, Third Party Advisory
- http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.htmlIssue Tracking, Mailing List
- http://www.novell.com/linux/security/advisories/2006_26_sr.htmlThird Party Advisory
- http://www.securityfocus.com/bid/17950Exploit, Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1018872Third Party Advisory, VDB Entry
- http://www.trustix.org/errata/2006/0034/Broken Link
- http://www.ubuntu.com/usn/usn-292-1Broken Link
- http://www.vupen.com/english/advisories/2006/1924Permissions Required
- http://www.vupen.com/english/advisories/2007/3665Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26644Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-2362?
How severe is CVE-2006-2362?
How do I fix CVE-2006-2362?
Are you affected by CVE-2006-2362?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST