ID CVE-2006-2362
Summary Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:binutils:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.10.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.11.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.12.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.13.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.13.2.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.14a:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.15a:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:binutils:2.16.1a:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 22-12-2023 - 17:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2007-10-30
bid 17950
confirm http://sourceware.org/bugzilla/show_bug.cgi?id=2584
mlist [bug-binutils] 20060418 [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.
sectrack 1018872
secunia
  • 20188
  • 20531
  • 20550
  • 22932
  • 27441
suse SUSE-SR:2006:026
trustix 2006-0034
ubuntu USN-292-1
vupen
  • ADV-2006-1924
  • ADV-2007-3665
xf binutils-libbfd-bo(26644)
Last major update 22-12-2023 - 17:15
Published 15-05-2006 - 16:06
Last modified 22-12-2023 - 17:15