9.8

CVE-2002-0059

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZlibZlib Version <= 1.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 36.55% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

http://www.cert.org/advisories/CA-2002-07.html
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/368819
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/4267
Third Party Advisory
Broken Link
VDB Entry