CVE-2002-0059

Severity

75%

Complexity

99%

Confidentiality

106%

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

GNU zlib

First reported 22 years ago

2002-03-15 05:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

GNU zlib 1.0

1.0

GNU zlib 1.0.1

1.0.1

GNU zlib 1.0.2

1.0.2

GNU zlib 1.0.3

1.0.3

GNU zlib 1.0.4

1.0.4

GNU zlib 1.0.5

1.0.5

GNU zlib 1.0.6

1.0.6

GNU zlib 1.0.7

1.0.7

GNU zlib 1.0.8

1.0.8

GNU zlib 1.0.9

1.0.9

GNU zlib 1.1

1.1

GNU zlib 1.1.1

1.1.1

GNU zlib 1.1.2

1.1.2

GNU zlib 1.1.3

1.1.3

References

CSSA-2002-015.1

CLA-2002:469

MDKSA-2002:022

CSSA-2002-014.1

CA-2002-07

US Government Resource

DSA-122

VU#368819

US Government Resource

MDKSA-2002:023

Patch, Vendor Advisory

MDKSA-2002:024

RHSA-2002:026

Patch, Vendor Advisory

RHSA-2002:027

Patch, Vendor Advisory

4267

HPSBTL0204-030

HPSBTL0204-036

HPSBTL0204-037

zlib-doublefree-memory-corruption(8427)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.