CVE-2006-2362

CVSS 7.3 HIGHEPSS 12.0%CWE-787

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/27856unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html http://secunia.com/advisories/20188 http://secunia.com/advisories/20531 http://secunia.com/advisories/20550 http://secunia.com/advisories/22932 http://secunia.com/advisories/27441 https://exchange.xforce.ibmcloud.com/vulnerabilities/26644 http://sourceware.org/bugzilla/show_bug.cgi?id=2584 http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.html http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.securityfocus.com/bid/17950 http://www.securitytracker.com/id?1018872