CVE-2006-4438

critical

Description

Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.

References

http://www.vupen.com/english/advisories/2006/3719

http://www.securityfocus.com/bid/20119

http://secunia.com/advisories/22019

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html

Details

Source: Mitre, NVD

Published: 2006-09-20

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03797

Detections

Analytics