CVE-2006-0855Improper Restriction of Operations within the Bounds of a Memory Buffer in Dhesi ZOO

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
2.2%
top 15.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Rahul Dhesi ZOO
Timeline
PublishedFeb 23
Latest updateMay 1

Description

Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDrahul_dhesi/zoo2.10

Patches

Patch: secunia.comPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-qh5m-qm4j-4q2w: Stack-based buffer overflow in the fullpath function in misc2022-05-01
CVEList
CVE-2006-0855: Stack-based buffer overflow in the fullpath function in misc2006-02-23
CVE-2006-0855 — Rahul Dhesi ZOO vulnerability | cvebase