Описание
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Отчет
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | busybox | Not affected | ||
| Red Hat Enterprise Linux 5 | ncompress | Not affected | ||
| Red Hat Enterprise Linux 6 | ncompress | Not affected | ||
| Red Hat Enterprise Linux 3 | ncompress | Fixed | RHSA-2006:0663 | 12.09.2006 |
| Red Hat Enterprise Linux 4 | ncompress | Fixed | RHSA-2006:0663 | 12.09.2006 |
| Red Hat Enterprise Linux 5 | busybox | Fixed | RHSA-2012:0308 | 21.02.2012 |
| Red Hat Enterprise Linux 6 | busybox | Fixed | RHSA-2012:0810 | 19.06.2012 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
5.1 Medium
CVSS2