CVE-2006-4024
published 2006-08-09CVE-2006-4024: The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly…
PriorityP433high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.88%
91.0th percentile
The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| festalon | festalon | <= 0.5.5 | — |
| festalon | festalon | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Buffer Underwrite ('Buffer Underflow')
mitre_cwe
CWE-124 Buffer Underwrite ('Buffer Underflow')
CWE-124: Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Modes of Introduction:
Phase: Implementation
Note: This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Common Consequences:
Scope: Integrity, Availability. Impact: Modify Memory, DoS: Crash, Exit, or Restart. Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Execute U
CWE
Access of Memory Location Before Start of Buffer
mitre_cwe
CWE-786 Access of Memory Location Before Start of Buffer
CWE-786: Access of Memory Location Before Start of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more sev
http://aluigi.altervista.org/adv/festahc-adv.txthttp://secunia.com/advisories/21367http://www.securityfocus.com/bid/19402http://www.vupen.com/english/advisories/2006/3177http://aluigi.altervista.org/adv/festahc-adv.txthttp://secunia.com/advisories/21367http://www.securityfocus.com/bid/19402http://www.vupen.com/english/advisories/2006/3177
2006-08-09
Published