CVE-2006-3251

Published: Jun 27, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.

Affected (21)

Products: Hashcash: Hashcash

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Hashcash Hashcash	Up to 1.20
Hashcash Hashcash	Version 1.00
Hashcash Hashcash	Version 1.01
Hashcash Hashcash	Version 1.02
Hashcash Hashcash	Version 1.03
Hashcash Hashcash	Version 1.04
Hashcash Hashcash	Version 1.05
Hashcash Hashcash	Version 1.06
Hashcash Hashcash	Version 1.07
Hashcash Hashcash	Version 1.08
Hashcash Hashcash	Version 1.09
Hashcash Hashcash	Version 1.10
Hashcash Hashcash	Version 1.11
Hashcash Hashcash	Version 1.12
Hashcash Hashcash	Version 1.13
Hashcash Hashcash	Version 1.14
Hashcash Hashcash	Version 1.15
Hashcash Hashcash	Version 1.16
Hashcash Hashcash	Version 1.17
Hashcash Hashcash	Version 1.18
Hashcash Hashcash	Version 1.19

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://secunia.com/advisories/20800

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/20846

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21146

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2006/dsa-1114

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml

Source: cve@mitre.org

http://www.hashcash.org/source/CHANGELOG

Source: cve@mitre.org

http://www.securityfocus.com/bid/18659

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/2551

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27422

Source: cve@mitre.org

http://secunia.com/advisories/20800

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/20846

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/21146

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2006/dsa-1114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.hashcash.org/source/CHANGELOG

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18659

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2006/2551

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27422

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.