Vulnerability Details : CVE-2006-4146
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Vulnerability category: OverflowExecute code
Products affected by CVE-2006-4146
- cpe:2.3:a:gnu:gdb:6.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4146
0.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4146
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2006-4146
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-4146
-
Red Hat 2009-06-01Updates to address this issue are available for Red Hat Enterprise Linux 3 and 4: https://rhn.redhat.com/cve/CVE-2006-4146.html Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch.
References for CVE-2006-4146
-
http://docs.info.apple.com/article.html?artnum=304669
-
http://securitytracker.com/id?1017138
Access Denied
-
http://www.vupen.com/english/advisories/2007/3229
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.redhat.com/support/errata/RHSA-2007-0229.html
Support
-
http://www.vupen.com/english/advisories/2006/3433
Site en construction
-
http://security.gentoo.org/glsa/glsa-200711-23.xml
VMware Workstation and Player: Multiple vulnerabilities (GLSA 200711-23) — Gentoo security
-
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
-
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841
204841 – CVE-2006-4146 GDB buffer overflowPatch
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
[Full-Disclosure] Mailing List Charter
-
http://www.securityfocus.com/bid/19802
-
http://www.vupen.com/english/advisories/2006/4283
Site en construction
-
http://www.ubuntu.com/usn/usn-356-1
USN-356-1: gdb vulnerability | Ubuntu security notices | Ubuntu
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463
404 Not Found
-
http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm
ASA-2007-253 (RHSA-2007-0229)
-
http://www.redhat.com/support/errata/RHSA-2007-0469.html
Support
-
http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html
Apple - Lists.apple.com
Jump to