9.8
CVE-2002-0059
- EPSS 9.51%
- Veröffentlicht 15.03.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.51% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
http://www.cert.org/advisories/CA-2002-07.html
http://www.debian.org/security/2002/dsa-122
http://www.kb.cert.org/vuls/id/368819
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
http://www.redhat.com/support/errata/RHSA-2002-026.html
http://www.redhat.com/support/errata/RHSA-2002-027.html
http://www.securityfocus.com/bid/4267
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427