CVE-2006-4334

Published: 19/09/2006 Updated: 17/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Unspecified vulnerability in gzip 1.3.5 allows context-dependent malicious users to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.


gzip gzip 1.3.5

Vendor Advisories

Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking a user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user’s privileges ...
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2624: Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbi ...
Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4334: A null pointer dereference may lead to denial of service if gzip is used in an automated manner. CVE-2006-4335: Missing bou ...

References

NVD-CWE-Other
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://www.redhat.com/support/errata/RHSA-2006-0667.html
http://www.ubuntu.com/usn/usn-349-1
http://www.us.debian.org/security/2006/dsa-1181
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://secunia.com/advisories/22002
http://secunia.com/advisories/22009
http://secunia.com/advisories/22017
http://secunia.com/advisories/22033
http://secunia.com/advisories/22034
http://www.kb.cert.org/vuls/id/933712
http://secunia.com/advisories/22012
http://secunia.com/advisories/22043
http://security.gentoo.org/glsa/glsa-200609-13.xml
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
http://secunia.com/advisories/22085
http://secunia.com/advisories/22101
http://www.trustix.org/errata/2006/0052/
http://secunia.com/advisories/22027
http://securitytracker.com/id?1016883
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
http://secunia.com/advisories/22435
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://www.securityfocus.com/bid/20101
http://secunia.com/advisories/22661
http://secunia.com/advisories/22487
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://secunia.com/advisories/23155
http://secunia.com/advisories/21996
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
http://secunia.com/advisories/23679
https://issues.rpath.com/browse/RPL-615
http://secunia.com/advisories/24435
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
http://secunia.com/advisories/24636
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
http://www.vupen.com/english/advisories/2006/4275
http://www.vupen.com/english/advisories/2007/0092
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/0832
http://www.vupen.com/english/advisories/2007/1171
http://docs.info.apple.com/article.html?artnum=304829
https://exchange.xforce.ibmcloud.com/vulnerabilities/29038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527
http://www.securityfocus.com/archive/1/464268/100/0/threaded
http://www.securityfocus.com/archive/1/462007/100/0/threaded
http://www.securityfocus.com/archive/1/451324/100/0/threaded
http://www.securityfocus.com/archive/1/450078/100/0/threaded
http://www.securityfocus.com/archive/1/446426/100/0/threaded
https://usn.ubuntu.com/349-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/933712