6.8

CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGzip Version <= 1.3.13
GnuGzip Version1.2.4
GnuGzip Version1.2.4a
GnuGzip Version1.3
GnuGzip Version1.3.1
GnuGzip Version1.3.2
GnuGzip Version1.3.3
GnuGzip Version1.3.4
GnuGzip Version1.3.5
GnuGzip Version1.3.6
GnuGzip Version1.3.7
GnuGzip Version1.3.8
GnuGzip Version1.3.9
GnuGzip Version1.3.10
GnuGzip Version1.3.11
GnuGzip Version1.3.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.77% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://secunia.com/advisories/40551
http://www.vupen.com/english/advisories/2010/1796
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38223
Vendor Advisory
http://secunia.com/advisories/38232
Vendor Advisory
http://www.debian.org/security/2010/dsa-1974
http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
http://www.ubuntu.com/usn/USN-889-1
http://www.vupen.com/english/advisories/2010/0185
Vendor Advisory
http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f
http://ncompress.sourceforge.net/#status
http://savannah.gnu.org/forum/forum.php?forum_id=6153
http://secunia.com/advisories/38220
Vendor Advisory
http://secunia.com/advisories/38225
Vendor Advisory
http://secunia.com/advisories/40655
http://secunia.com/advisories/40689
http://securitytracker.com/id?1023490
http://www.debian.org/security/2010/dsa-2074
http://www.mandriva.com/security/advisories?name=MDVSA-2010:019
http://www.mandriva.com/security/advisories?name=MDVSA-2011:152
http://www.osvdb.org/61869
http://www.redhat.com/support/errata/RHSA-2010-0061.html
http://www.vupen.com/english/advisories/2010/1872
https://bugzilla.redhat.com/show_bug.cgi?id=554418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511