CVE-2006-6335

3 documents3 sources

Severity

10.0CRITICAL

EPSS

15.2%

top 5.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Sophos Anti-virus

Timeline

PublishedDec 12

Latest updateMay 1

Description

Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDsophos/sophos_anti-virus2.3

Patches

Patch: www.zerodayinitiative.com ↗Patch: www.zerodayinitiative.com ↗Patch: www.zerodayinitiative.com ↗

🔴Vulnerability Details

GHSA

GHSA-jg3r-qfm3-5xmc: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2↗2022-05-01

▶

CVEList

CVE-2006-6335: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2↗2006-12-12

▶