PT-2006-5147 · Gnu+2 · Gzip+2

Tavis Ormandy · Published 2006-09-19 · Updated 2024-06-15 · CVE-2006-4338

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

gzip version 1.3.5

Description

The issue allows context-dependent attackers to cause a denial of service, resulting in an infinite loop, via a crafted GZIP archive. This is due to a problem in the unlzh.c file within the LHZ component of gzip.

Recommendations

For gzip version 1.3.5, avoid processing crafted GZIP archives until a patch is available. As a temporary workaround, restrict the processing of GZIP archives from untrusted sources to minimize the risk of exploitation.


Related Identifiers

CVE-2006-4338
DSA-1181-1
HPSBUX02195
OPENSUSE-SU-2024:10440-1
RHSA-2006:0667
RHSA-2006_0667

Affected Products

HP-UX
Red Hat
Gzip