Unrated severityNVD Advisory· Published Sep 19, 2006· Updated Apr 16, 2026

CVE-2006-4336

Description

Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.

Affected products

Gzip/Gzip
cpe:2.3:a:gzip:gzip:1.3.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22012nvdPatchVendor Advisory
secunia.com/advisories/22043nvdPatchVendor Advisory
secunia.com/advisories/22009nvdVendor Advisory
secunia.com/advisories/22017nvdVendor Advisory
secunia.com/advisories/22033nvdVendor Advisory
secunia.com/advisories/22034nvdVendor Advisory
www.kb.cert.org/vuls/id/554780nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA06-333A.htmlnvdUS Government Resource
patches.sgi.com/support/free/security/advisories/20061001-01-P.ascnvd
bugzilla.redhat.com/bugzilla/show_bug.cginvd
docs.info.apple.com/article.htmlnvd
lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlnvd
secunia.com/advisories/21996nvd
secunia.com/advisories/22002nvd
secunia.com/advisories/22027nvd
secunia.com/advisories/22085nvd
secunia.com/advisories/22101nvd
secunia.com/advisories/22435nvd
secunia.com/advisories/22487nvd
secunia.com/advisories/22661nvd
secunia.com/advisories/23153nvd
secunia.com/advisories/23155nvd
secunia.com/advisories/23156nvd
secunia.com/advisories/23679nvd
secunia.com/advisories/24435nvd
secunia.com/advisories/24636nvd
security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.ascnvd
security.gentoo.org/glsa/glsa-200609-13.xmlnvd
securitytracker.com/idnvd
slackware.com/security/viewer.phpnvd
sunsolve.sun.com/search/document.donvd
support.avaya.com/elmodocs2/security/ASA-2006-218.htmnvd
www.gentoo.org/security/en/glsa/glsa-200611-24.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2006_56_gzip.htmlnvd
www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.htmlnvd
www.redhat.com/support/errata/RHSA-2006-0667.htmlnvd
www.securityfocus.com/archive/1/446426/100/0/threadednvd
www.securityfocus.com/archive/1/450078/100/0/threadednvd
www.securityfocus.com/archive/1/451324/100/0/threadednvd
www.securityfocus.com/archive/1/462007/100/0/threadednvd
www.securityfocus.com/archive/1/464268/100/0/threadednvd
www.securityfocus.com/bid/20101nvd
www.trustix.org/errata/2006/0052/nvd
www.ubuntu.com/usn/usn-349-1nvd
www.us.debian.org/security/2006/dsa-1181nvd
www.vmware.com/support/esx25/doc/esx-254-200702-patch.htmlnvd
www.vupen.com/english/advisories/2006/3695nvd
www.vupen.com/english/advisories/2006/4275nvd
www.vupen.com/english/advisories/2006/4750nvd
www.vupen.com/english/advisories/2006/4760nvd
www.vupen.com/english/advisories/2007/0092nvd
www.vupen.com/english/advisories/2007/0832nvd
www.vupen.com/english/advisories/2007/1171nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29042nvd
issues.rpath.com/browse/RPL-615nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10140nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000