Zlib压缩库堆腐烂漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1204623 漏洞类型 设计错误
发布时间 2002-03-11 更新时间 2007-10-24
CVE编号 CVE-2002-0059 CNNVD-ID CNNVD-200203-028
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/4267
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200203-028
|漏洞详情
zlib1.1.3及其早期版本的解压算法使用在许多不同实用程序和数据包时导致inflateEnd多次(“重复释放”)释放某些内存。本地和远程攻击者借助畸形压缩数据块执行任意代码。
|受影响的产品
zlib zlib 1.1.3 zlib zlib 1.1.2 zlib zlib 1.1.1 zlib zlib 1.1 zlib zlib 1.0.9 zlib zlib 1.0.8 zlib zlib 1.0.7 zlib zlib 1.0.6
|参考资料
resource:
hyperlink:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
resource:
hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
resource:
hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
resource:
hyperlink:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
resource:US Government Resource
hyperlink:http://www.cert.org/advisories/CA-2002-07.html
resource:
hyperlink:http://www.debian.org/security/2002/dsa-122
resource:US Government Resource
hyperlink:http://www.kb.cert.org/vuls/id/368819
resource:Patch
hyperlink:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
resource:
hyperlink:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
resource:Patch
hyperlink:http://www.redhat.com/support/errata/RHSA-2002-026.html
resource:Patch
hyperlink:http://www.redhat.com/support/errata/RHSA-2002-027.html
resource:
hyperlink:http://www.securityfocus.com/bid/4267
resource:
hyperlink