// For flags

CVE-2006-4338

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.

unlzh.c en el componente LHZ en gzip 1.3.5 permite a atacantes dependientes de contexto provocar una denegación de servicio (bucle infinito) vía un archivo GZIP artesanal.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-08-24 CVE Reserved
  • 2006-09-19 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (59)
URL Tag Source
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 X_refsource_misc
http://docs.info.apple.com/article.html?artnum=304829 X_refsource_confirm
http://secunia.com/advisories/21996 Third Party Advisory
http://secunia.com/advisories/22027 Third Party Advisory
http://secunia.com/advisories/22085 Third Party Advisory
http://secunia.com/advisories/22101 Third Party Advisory
http://secunia.com/advisories/22435 Third Party Advisory
http://secunia.com/advisories/22487 Third Party Advisory
http://secunia.com/advisories/22661 Third Party Advisory
http://secunia.com/advisories/23153 Third Party Advisory
http://secunia.com/advisories/23155 Third Party Advisory
http://secunia.com/advisories/23156 Third Party Advisory
http://secunia.com/advisories/23679 Third Party Advisory
http://secunia.com/advisories/24435 Third Party Advisory
http://secunia.com/advisories/24636 Third Party Advisory
http://securitytracker.com/id?1016883 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm X_refsource_confirm
http://www.osvdb.org/29008 Vdb Entry
http://www.securityfocus.com/archive/1/446426/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464268/100/0/threaded Mailing List
http://www.securityfocus.com/bid/20101 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA06-333A.html Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html X_refsource_confirm
http://www.vupen.com/english/advisories/2006/3695 Vdb Entry
http://www.vupen.com/english/advisories/2006/4275 Vdb Entry
http://www.vupen.com/english/advisories/2006/4750 Vdb Entry
http://www.vupen.com/english/advisories/2006/4760 Vdb Entry
http://www.vupen.com/english/advisories/2007/0092 Vdb Entry
http://www.vupen.com/english/advisories/2007/0832 Vdb Entry
http://www.vupen.com/english/advisories/2007/1171 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29046 Vdb Entry
https://issues.rpath.com/browse/RPL-615 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11290 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/22002 2018-10-17
http://secunia.com/advisories/22009 2018-10-17
http://secunia.com/advisories/22012 2018-10-17
http://secunia.com/advisories/22017 2018-10-17
http://secunia.com/advisories/22033 2018-10-17
http://secunia.com/advisories/22034 2018-10-17
http://secunia.com/advisories/22043 2018-10-17
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 2018-10-17
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc 2018-10-17
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html 2018-10-17
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc 2018-10-17
http://security.gentoo.org/glsa/glsa-200609-13.xml 2018-10-17
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1 2018-10-17
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167 2018-10-17
http://www.novell.com/linux/security/advisories/2006_56_gzip.html 2018-10-17
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0667.html 2018-10-17
http://www.securityfocus.com/archive/1/450078/100/0/threaded 2018-10-17
http://www.securityfocus.com/archive/1/451324/100/0/threaded 2018-10-17
http://www.securityfocus.com/archive/1/462007/100/0/threaded 2018-10-17
http://www.trustix.org/errata/2006/0052 2018-10-17
http://www.ubuntu.com/usn/usn-349-1 2018-10-17
http://www.us.debian.org/security/2006/dsa-1181 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-4338 2006-09-19
https://bugzilla.redhat.com/show_bug.cgi?id=1618182 2006-09-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gzip
Search vendor "Gzip"
 Gzip
Search vendor "Gzip" for product "Gzip"
 1.3.5
Search vendor "Gzip" for product "Gzip" and version "1.3.5"
-
Affected