CVE-2006-2362

HIGH

GNU Binutils < 2.17 - Buffer Overflow in TekHex Record Handling

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2362. PoCs published by Jesus Olmos Gonzalez.

AI-analyzed exploit summary: The provided text describes a buffer overflow vulnerability in GNU 'binutils' (CVE-2006-2362) affecting the 'strings' utility. It lacks executable exploit code but includes a URL-encoded payload snippet that may trigger the vulnerability.

Description

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jesus Olmos Gonzalez · text · dos · linux
https://www.exploit-db.com/exploits/27856

Classification: Writeup 80%
Attack Type: DoS
Complexity: Trivial
Reliability: Theoretical
Target: GNU binutils (strings utility)
No auth needed
Prerequisites: A vulnerable version of GNU binutils
devstral-2 · analyzed Feb 16, 2026

References (16)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20188
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20550
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22932
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27441
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2006/0034/
Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17950
Issue Tracking, Mailing List mailing-list x_refsource_mlist
http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3665
Third Party Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_26_sr.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1924
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018872
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20531
Broken Link vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-292-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26644
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
http://sourceware.org/bugzilla/show_bug.cgi?id=2584

Scores

CVSS v3 7.3
EPSS 0.1197
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (1)
gnu/binutils < 2.17
Published May 15, 2006
Tracked Since Feb 18, 2026