CVE-2006-3251

hashcash < 1.20 - Heap-based Buffer Overflow via Crafted Entries

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.

References (9)

Core 9
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2551
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27422
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20800
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21146
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1114
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20846
Various Sources x_refsource_confirm
http://www.hashcash.org/source/CHANGELOG
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18659

Scores

EPSS 0.0359
EPSS Percentile 88.1%

Details

CWE
CWE-119
Status published
Products (21)
hashcash/hashcash 1.00
hashcash/hashcash 1.01
hashcash/hashcash 1.02
hashcash/hashcash 1.03
hashcash/hashcash 1.04
hashcash/hashcash 1.05
hashcash/hashcash 1.06
hashcash/hashcash 1.07
hashcash/hashcash 1.08
hashcash/hashcash 1.09
... and 11 more
Published Jun 27, 2006
Tracked Since Feb 18, 2026