ByteOS Network

Source-cve@mitre.org

Published At-27 Jun, 2006 | 18:05

Updated At-03 Apr, 2025 | 01:03

Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

hashcash>>hashcash>>Versions up to 1.20(inclusive)

cpe:2.3:a:hashcash:hashcash:*:*:*:*:*:*:*:*

hashcash>>hashcash>>1.00

cpe:2.3:a:hashcash:hashcash:1.00:*:*:*:*:*:*:*

hashcash>>hashcash>>1.01

cpe:2.3:a:hashcash:hashcash:1.01:*:*:*:*:*:*:*

hashcash>>hashcash>>1.02

cpe:2.3:a:hashcash:hashcash:1.02:*:*:*:*:*:*:*

hashcash>>hashcash>>1.03

cpe:2.3:a:hashcash:hashcash:1.03:*:*:*:*:*:*:*

hashcash>>hashcash>>1.04

cpe:2.3:a:hashcash:hashcash:1.04:*:*:*:*:*:*:*

hashcash>>hashcash>>1.05

cpe:2.3:a:hashcash:hashcash:1.05:*:*:*:*:*:*:*

hashcash>>hashcash>>1.06

cpe:2.3:a:hashcash:hashcash:1.06:*:*:*:*:*:*:*

hashcash>>hashcash>>1.07

cpe:2.3:a:hashcash:hashcash:1.07:*:*:*:*:*:*:*

hashcash>>hashcash>>1.08

cpe:2.3:a:hashcash:hashcash:1.08:*:*:*:*:*:*:*

hashcash>>hashcash>>1.09

cpe:2.3:a:hashcash:hashcash:1.09:*:*:*:*:*:*:*

hashcash>>hashcash>>1.10

cpe:2.3:a:hashcash:hashcash:1.10:*:*:*:*:*:*:*

hashcash>>hashcash>>1.11

cpe:2.3:a:hashcash:hashcash:1.11:*:*:*:*:*:*:*

hashcash>>hashcash>>1.12

cpe:2.3:a:hashcash:hashcash:1.12:*:*:*:*:*:*:*

hashcash>>hashcash>>1.13

cpe:2.3:a:hashcash:hashcash:1.13:*:*:*:*:*:*:*

hashcash>>hashcash>>1.14

cpe:2.3:a:hashcash:hashcash:1.14:*:*:*:*:*:*:*

hashcash>>hashcash>>1.15

cpe:2.3:a:hashcash:hashcash:1.15:*:*:*:*:*:*:*

hashcash>>hashcash>>1.16

cpe:2.3:a:hashcash:hashcash:1.16:*:*:*:*:*:*:*

hashcash>>hashcash>>1.17

cpe:2.3:a:hashcash:hashcash:1.17:*:*:*:*:*:*:*

hashcash>>hashcash>>1.18

cpe:2.3:a:hashcash:hashcash:1.18:*:*:*:*:*:*:*

hashcash>>hashcash>>1.19

cpe:2.3:a:hashcash:hashcash:1.19:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/20800	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/20846	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/21146	cve@mitre.org	Vendor Advisory
http://www.debian.org/security/2006/dsa-1114	cve@mitre.org	N/A
http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml	cve@mitre.org	N/A
http://www.hashcash.org/source/CHANGELOG	cve@mitre.org	N/A
http://www.securityfocus.com/bid/18659	cve@mitre.org	Patch
http://www.vupen.com/english/advisories/2006/2551	cve@mitre.org	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27422	cve@mitre.org	N/A
http://secunia.com/advisories/20800	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/20846	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/21146	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.debian.org/security/2006/dsa-1114	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.hashcash.org/source/CHANGELOG	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/18659	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.vupen.com/english/advisories/2006/2551	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27422	af854a3a-2127-422b-91ae-364da2661108	N/A