CVE-2006-2362

GNU BinUtils 2.1x - Buffer Overflow

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-05-11 First Exploit
2006-05-15 CVE Reserved
2006-05-15 CVE Published
2023-12-23 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (15)

URL	Tag	Source
http://secunia.com/advisories/20188	Third Party Advisory
http://secunia.com/advisories/20531	Third Party Advisory
http://secunia.com/advisories/20550	Third Party Advisory
http://secunia.com/advisories/22932	Third Party Advisory
http://secunia.com/advisories/27441	Third Party Advisory
http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.html	Issue Tracking
http://www.securitytracker.com/id?1018872	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26644	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/27856	2006-05-11
http://sourceware.org/bugzilla/show_bug.cgi?id=2584	2024-08-07
http://www.securityfocus.com/bid/17950	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html	2023-12-22
http://www.novell.com/linux/security/advisories/2006_26_sr.html	2023-12-22
http://www.trustix.org/errata/2006/0034	2023-12-22
http://www.ubuntu.com/usn/usn-292-1	2023-12-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Binutils Search vendor "Gnu" for product "Binutils"				< 2.17 Search vendor "Gnu" for product "Binutils" and version " < 2.17"		-		Affected