Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2362Out-of-bounds Write in Binutils

CWE-787Out-of-bounds Write7 documents7 sources
Severity
7.3HIGHNVD
EPSS
5.5%
top 9.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Binutils
Timeline
PublishedMay 15
Latest updateMay 1

Description

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

NVDgnu/binutils< 2.17
Debiangnu/binutils< 2.17-1+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-vrm3-57g8-gwv8: Buffer overflow in getsym in tekhex2022-05-01
CVEList
CVE-2006-2362: Buffer overflow in getsym in tekhex2006-05-15
OSV
CVE-2006-2362: Buffer overflow in getsym in tekhex2006-05-15

💥Exploits & PoCs

1
Exploit-DB
GNU BinUtils 2.1x - Buffer Overflow2006-05-11

📋Vendor Advisories

2
Ubuntu
binutils vulnerability2006-06-09
Debian
CVE-2006-2362: binutils - Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU ...2006
CVE-2006-2362 — Out-of-bounds Write in GNU Binutils | cvebase