Lucene search
UbuntuUSN-349-1HistorySep 20, 2006 - 12:00 a.m.
gzip vulnerabilities
2006-09-2000:00:00
ubuntu.com
88
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.082
Percentile
94.4%
Releases
- Ubuntu 6.06
- Ubuntu 5.10
- Ubuntu 5.04
Details
Tavis Ormandy discovered that gzip did not sufficiently verify the
validity of gzip or compress archives while unpacking. By tricking an
user or automated system into unpacking a specially crafted compressed
file, this could be exploited to execute arbitrary code with the
userâs privileges.
Related
nessus
nessus
SuSE 10 Security Update : gzip (ZYPP Patch Number 2085)
2007-12-13 00:00:00
Ubuntu 5.04 / 5.10 / 6.06 LTS : gzip vulnerabilities (USN-349-1)
2007-11-10 00:00:00
CentOS 3 / 4 : gzip (CESA-2006:0667)
2006-09-22 00:00:00
redhat
redhat
(RHSA-2006:0667) gzip security update
2006-09-19 00:00:00
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
Multiple gzip security vulnerabilities
2007-03-07 00:00:00
centos
centos
gzip security update
2006-09-19 14:54:11
gzip security update
2006-09-19 23:19:38
freebsd
freebsd
gzip -- multiple vulnerabilities
2006-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1181-1] New gzip packages fix arbitrary code execution
2006-09-19 19:19:34
[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution
2010-01-20 14:16:48
openvas
openvas
Solaris Update for SunFreeware gzip 120720-02
2009-06-03 00:00:00
Gentoo Security Advisory GLSA 200609-13 (gzip)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1181-1)
2023-03-08 00:00:00
gentoo
gentoo
gzip: Multiple vulnerabilities
2006-09-23 00:00:00
LHa: Multiple vulnerabilities
2006-11-28 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
suse
suse
remote system compromise in gzip
2006-09-26 13:43:14
osv
osv
gzip
2006-09-19 00:00:00
gzip - arbitrary code execution
2010-01-20 00:00:00
oraclelinux
oraclelinux
Moderate gzip security update
2006-11-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package lha version 2:1.14i-alt2
2007-04-15 00:00:00
slackware
slackware
[slackware-security] gzip
2006-09-19 21:15:29
cvelist
cvelist
veracode
veracode
Buffer Underflow
2020-04-10 00:15:01
Arbitrary Code Execution
2020-04-10 00:15:00
Denial Of Service (DoS)
2020-04-10 00:15:00
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
cert
cert
gzip contains a buffer underflow
2006-09-19 00:00:00
gzip NULL dereference in huft_build()
2006-09-19 00:00:00
gzip contains an array out-of-bounds vulnerability in make_table()
2006-09-19 00:00:00
cve
cve
checkpoint_advisories
checkpoint_advisories
GNU gzip LZH Decompression make_table Stack Modification (CVE-2006-4335)
2010-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: lha-1.14i-20
2007-05-31 13:12:41
prion
prion
Design/Logic Flaw
2010-01-29 18:30:00
Design/Logic Flaw
2007-05-31 23:30:00
seebug
seebug
Apple Mac OS X 2006-007ććšć€äžȘćźć
šæŒæŽ
2006-11-29 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.082
Percentile
94.4%
Related for USN-349-1