CVE-2006-4338

Name of the Vulnerable Software and Affected Versions gzip version 1.3.5

Description The issue allows context-dependent attackers to cause a denial of service, resulting in an infinite loop, via a crafted GZIP archive. This is due to a problem in the unlzh.c file within the LHZ component of gzip.

Recommendations For gzip version 1.3.5, consider avoiding the use of crafted GZIP archives until a patch is available. As a temporary workaround, restrict the processing of GZIP archives from untrusted sources to minimize the risk of exploitation.