CVE-2006-2362

Publication date 15 May 2006

Last updated 17 July 2025


Ubuntu priority

CVSS 3 Severity Score

7.3 · High


Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

Status

Package Ubuntu Release Status
binutils 7.04 feisty Fixed 2.17-1ubuntu1
binutils 6.10 edgy Fixed 2.17-1ubuntu1
binutils 6.06 LTS dapper Fixed 2.16.1cvs20060117-1ubuntu2.1

Severity score breakdown

Parameter Value
Base score 7.3 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

Related Ubuntu Security Notices (USN)

    • USN-292-1: binutils vulnerability (9 June 2006)

Other references