cbcvebase.
CVE-2006-4024
published 2006-08-09

Priority: P433
CVSS 2.0: 7.5 (high)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.88% (91.0th percentile)

The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| festalon | festalon | <= 0.5.5 | |
| festalon | festalon | | |