CVE-2006-5647
Published 2006-11-01
Priority: P3 36 | medium | CVSS 2.0: 6.4
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 20.56% (97.2th percentile)
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | anti-virus | — | — |
| sophos | endpoint_security | <= 6.04 | — |
VulDB
Sophos Anti-Virus up to 6.0.4 memory corruption (EDB-2911 / XFDB-29924)
vuldb·2026-04-26·CVSS 6.4
CVE-2006-5647 [MEDIUM] Sophos Anti-Virus up to 6.0.4 memory corruption (EDB-2911 / XFDB-29924)
A vulnerability, which was classified as critical, has been found in Sophos Anti-Virus up to 6.0.4. This vulnerability affects unknown code. Performing a manipulation results in memory corruption.
This vulnerability is cataloged as CVE-2006-5647. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-28mj-jg9q-pj9c: Sophos Anti-Virus and Endpoint Security before 6
ghsa_unreviewed·2022-05-01
CVE-2006-5647 [MEDIUM] CWE-119 GHSA-28mj-jg9q-pj9c: Sophos Anti-Virus and Endpoint Security before 6
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451
http://secunia.com/advisories/22591
http://securitytracker.com/id?1017132
http://www.securityfocus.com/bid/20816
http://www.sophos.com/support/knowledgebase/article/7609.html
http://www.vupen.com/english/advisories/2006/4239
Published: 2006-11-01