// For flags

CVE-2006-1168

ncompress: .bss buffer underflow in decompression

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

La función decompress en compress42.c en (1) ncompress 4.2.4 y (2) liblzw permite a atacantes remotos provocar una denegación de servicio (caída), y posiblemente ejecutar código de su elección, mediante datos manipulados que llevan a un desbordamiento inferior de búfer.

Multiple vulnerabilities have been found in BusyBox, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.21.0 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-03-12 CVE Reserved
  • 2006-08-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-04-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (27)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=141728 X_refsource_misc
http://downloads.avaya.com/css/P8/documents/100158840 X_refsource_confirm
http://secunia.com/advisories/21427 Third Party Advisory
http://secunia.com/advisories/21434 Third Party Advisory
http://secunia.com/advisories/21437 Third Party Advisory
http://secunia.com/advisories/21467 Third Party Advisory
http://secunia.com/advisories/21880 Third Party Advisory
http://secunia.com/advisories/22036 Third Party Advisory
http://secunia.com/advisories/22296 Third Party Advisory
http://secunia.com/advisories/22377 Third Party Advisory
http://securitytracker.com/id?1016836 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm X_refsource_confirm
http://www.securityfocus.com/bid/19455 Vdb Entry
http://www.vupen.com/english/advisories/2006/3234 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=728536 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/28315 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373 Signature
URL Date SRC
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc 2023-11-07
http://rhn.redhat.com/errata/RHSA-2012-0810.html 2023-11-07
http://security.gentoo.org/glsa/glsa-200610-03.xml 2023-11-07
http://www.debian.org/security/2006/dsa-1149 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2006:140 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2012:129 2023-11-07
http://www.novell.com/linux/security/advisories/2006_20_sr.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2006-0663.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2006-1168 2012-06-19
https://bugzilla.redhat.com/show_bug.cgi?id=201919 2012-06-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ncompress
Search vendor "Ncompress"
 Ncompress
Search vendor "Ncompress" for product "Ncompress"
 4.2.4
Search vendor "Ncompress" for product "Ncompress" and version "4.2.4"
-
Affected