CVE-2006-2362

HIGH

GNU Binutils < 2.17 - Out-of-Bounds Write

Title source: rule

Description

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jesus Olmos Gonzalez · textdoslinux

https://www.exploit-db.com/exploits/27856

View Code ZIP pw:eip

References (16)

Core 16

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20188

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20550

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22932

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27441

Broken Link vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2006/0034/

Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17950

Issue Tracking, Mailing List mailing-list x_refsource_mlist

http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.html

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3665

Third Party Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_26_sr.html

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1924

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018872

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20531

Broken Link vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-292-1

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26644

Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm

http://sourceware.org/bugzilla/show_bug.cgi?id=2584

Scores

CVSS v3 7.3

EPSS 0.0551

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

gnu/binutils < 2.17

Published May 15, 2006

Tracked Since Feb 18, 2026