9.8

CVE-2002-0059

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZlibZlib Version <= 1.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.51% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
Broken Link
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Broken Link
http://www.cert.org/advisories/CA-2002-07.html
Third Party Advisory
US Government Resource
http://www.debian.org/security/2002/dsa-122
Broken Link
http://www.kb.cert.org/vuls/id/368819
Third Party Advisory
US Government Resource
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Patch
Vendor Advisory
Broken Link
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-026.html
Patch
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-027.html
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/4267
Third Party Advisory
Broken Link
VDB Entry
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
Broken Link
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
Broken Link
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Third Party Advisory
VDB Entry