The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
References
Configurations
History
20 Nov 2024, 23:38
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt - Broken Link | |
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469 - Broken Link | |
References | () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022 - Broken Link | |
References | () http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt - Broken Link | |
References | () http://www.cert.org/advisories/CA-2002-07.html - Third Party Advisory, US Government Resource | |
References | () http://www.debian.org/security/2002/dsa-122 - Broken Link | |
References | () http://www.kb.cert.org/vuls/id/368819 - Third Party Advisory, US Government Resource | |
References | () http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php - Broken Link, Patch, Vendor Advisory | |
References | () http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2002-026.html - Broken Link, Patch, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2002-027.html - Broken Link, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/4267 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030 - Broken Link | |
References | () http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036 - Broken Link | |
References | () http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037 - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/8427 - Third Party Advisory, VDB Entry |
02 Feb 2024, 15:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-415 | |
References | (MANDRAKE) http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 - Broken Link | |
References | (HP) http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/4267 - Broken Link, Third Party Advisory, VDB Entry | |
References | (HP) http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030 - Broken Link | |
References | (MANDRAKE) http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022 - Broken Link | |
References | (CALDERA) ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt - Broken Link | |
References | (MANDRAKE) http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php - Broken Link, Patch, Vendor Advisory | |
References | (DEBIAN) http://www.debian.org/security/2002/dsa-122 - Broken Link | |
References | (CALDERA) http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-027.html - Broken Link, Patch, Vendor Advisory | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/368819 - Third Party Advisory, US Government Resource | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/8427 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-026.html - Broken Link, Patch, Vendor Advisory | |
References | (HP) http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036 - Broken Link | |
References | (CERT) http://www.cert.org/advisories/CA-2002-07.html - Third Party Advisory, US Government Resource | |
References | (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469 - Broken Link | |
CPE | cpe:2.3:a:zlib:zlib:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.1:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.9:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.8:*:*:*:*:*:*:* cpe:2.3:a:zlib:zlib:1.0.7:*:*:*:*:*:*:* |
cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
Information
Published : 2002-03-15 05:00
Updated : 2024-11-20 23:38
NVD link : CVE-2002-0059
Mitre link : CVE-2002-0059
CVE.ORG link : CVE-2002-0059
JSON object : View
Products Affected
zlib
- zlib
CWE
CWE-415
Double Free