Vulnerability Details CVE-2002-0059
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.299
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.cert.org/advisories/CA-2002-07.html
- http://www.debian.org/security/2002/dsa-122
- http://www.kb.cert.org/vuls/id/368819
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.redhat.com/support/errata/RHSA-2002-027.html
- http://www.securityfocus.com/bid/4267
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.cert.org/advisories/CA-2002-07.html
- http://www.debian.org/security/2002/dsa-122
- http://www.kb.cert.org/vuls/id/368819
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.redhat.com/support/errata/RHSA-2002-027.html
- http://www.securityfocus.com/bid/4267
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Products affected by CVE-2002-0059
-
cpe:2.3:a:zlib:zlib:-
-
cpe:2.3:a:zlib:zlib:0.3
-
cpe:2.3:a:zlib:zlib:0.4
-
cpe:2.3:a:zlib:zlib:0.5
-
cpe:2.3:a:zlib:zlib:0.6
-
cpe:2.3:a:zlib:zlib:0.61
-
cpe:2.3:a:zlib:zlib:0.7
-
cpe:2.3:a:zlib:zlib:0.71
-
cpe:2.3:a:zlib:zlib:0.8
-
cpe:2.3:a:zlib:zlib:0.9
-
cpe:2.3:a:zlib:zlib:0.91
-
cpe:2.3:a:zlib:zlib:0.92
-
cpe:2.3:a:zlib:zlib:0.93
-
cpe:2.3:a:zlib:zlib:0.94
-
cpe:2.3:a:zlib:zlib:0.95
-
cpe:2.3:a:zlib:zlib:0.99
-
cpe:2.3:a:zlib:zlib:1.0
-
cpe:2.3:a:zlib:zlib:1.0.1
-
cpe:2.3:a:zlib:zlib:1.0.2
-
cpe:2.3:a:zlib:zlib:1.0.3
-
cpe:2.3:a:zlib:zlib:1.0.4
-
cpe:2.3:a:zlib:zlib:1.0.5
-
cpe:2.3:a:zlib:zlib:1.0.6
-
cpe:2.3:a:zlib:zlib:1.0.7
-
cpe:2.3:a:zlib:zlib:1.0.8
-
cpe:2.3:a:zlib:zlib:1.0.9
-
cpe:2.3:a:zlib:zlib:1.1
-
cpe:2.3:a:zlib:zlib:1.1.0
-
cpe:2.3:a:zlib:zlib:1.1.1
-
cpe:2.3:a:zlib:zlib:1.1.2
-
cpe:2.3:a:zlib:zlib:1.1.3