Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0059

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0059
Last Modified 10 Sep 2008 03:11:10
Published 15 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0059

Summary

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Vulnerable Systems

Application

  • Gnu Zlib 1.0

  • Gnu Zlib 1.0.1

  • Gnu Zlib 1.0.2

  • Gnu Zlib 1.0.3

  • Gnu Zlib 1.0.4

  • Gnu Zlib 1.0.5

  • Gnu Zlib 1.0.6

  • Gnu Zlib 1.0.7

  • Gnu Zlib 1.0.8

  • Gnu Zlib 1.0.9

  • Gnu Zlib 1.1

  • Gnu Zlib 1.1.1

  • Gnu Zlib 1.1.2

  • Gnu Zlib 1.1.3


References

CERT-VN - VU#368819

CERT - CA-2002-07

REDHAT - RHSA-2002:027

REDHAT - RHSA-2002:026

MANDRAKE - MDKSA-2002:023

XF - zlib-doublefree-memory-corruption(8427)

HP - HPSBTL0204-037

HP - HPSBTL0204-036

HP - HPSBTL0204-030

BID - 4267

MANDRAKE - MDKSA-2002:024

DEBIAN - DSA-122

CALDERA - CSSA-2002-014.1

MANDRAKE - MDKSA-2002:022

CONECTIVA - CLA-2002:469

CALDERA - CSSA-2002-015.1


Last Updated: 27 May 2016 10:36:46