CVE-2006-4335
EPSS 3.6%
Description
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
How to fix CVE-2006-4335
To remediate CVE-2006-4335, upgrade the affected package to the fixed version listed below.
- Debian/gzip: upgrade to 1.3.5-15 or later
Is CVE-2006-4335 being exploited?
Low — EPSS is 3.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.5-15