paul Posted September 21, 2006 Report Share Posted September 21, 2006 NULL Dereference (CVE-2006-4334) A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support of gzip. (CVE-2006-4335) A .bss buffer underflow exists in gzip's pack support, where a loop from build_tree() does not enforce any lower bound while constructing the prefix table. (CVE-2006-4336) A .bss buffer overflow vulnerability exists in gzip's LZH support, due to it's inability to handle exceptional input in the make_table() function, a pathological decoding table can be constructed in such a way as to generate counts so high that the rapid growth of `nextcode` exceeds the size of the table[] buffer. (CVE-2006-4337) A possible infinite loop exists in code from unlzh.c for traversing the branches of a tree structure. This makes it possible to disrupt the operation of automated systems relying on gzip for data decompression, resulting in a minor DoS. (CVE-2006-4338) Updated packages have been patched to address these issues. Link to comment Share on other sites More sharing options...
Recommended Posts