CVE-2009-2624

EPSS 7.32%
Published 29.01.2010 18:30:00
Last modified 11.04.2025 00:51:21
Source cret@cert.org
Teams watchlist Login
Open Login

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Gzip Version <= 1.3.12

Gnu ≫ Gzip Version1.2.4

Gnu ≫ Gzip Version1.2.4a

Gnu ≫ Gzip Version1.3

Gnu ≫ Gzip Version1.3.1

Gnu ≫ Gzip Version1.3.2

Gnu ≫ Gzip Version1.3.3

Gnu ≫ Gzip Version1.3.4

Gnu ≫ Gzip Version1.3.5

Gnu ≫ Gzip Version1.3.6

Gnu ≫ Gzip Version1.3.7

Gnu ≫ Gzip Version1.3.8

Gnu ≫ Gzip Version1.3.9

Gnu ≫ Gzip Version1.3.10

Gnu ≫ Gzip Version1.3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.32%	0.913

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://support.apple.com/kb/HT4435

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263

http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2

http://secunia.com/advisories/38132

Vendor Advisory

http://secunia.com/advisories/38223

Vendor Advisory

http://secunia.com/advisories/38232

Vendor Advisory