Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0059

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Published

2002-03-15T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-415

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zlib	zlib	≤ 1.1.3	Yes

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt Broken Link ([email protected])
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469 Broken Link ([email protected])
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022 Broken Link ([email protected])
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt Broken Link ([email protected])
http://www.cert.org/advisories/CA-2002-07.html Third Party Advisory, US Government Resource ([email protected])
http://www.debian.org/security/2002/dsa-122 Broken Link ([email protected])
http://www.kb.cert.org/vuls/id/368819 Third Party Advisory, US Government Resource ([email protected])
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php Broken Link, Patch, Vendor Advisory ([email protected])
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2002-026.html Broken Link, Patch, Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2002-027.html Broken Link, Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/4267 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030 Broken Link ([email protected])
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036 Broken Link ([email protected])
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427 Third Party Advisory, VDB Entry ([email protected])
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.cert.org/advisories/CA-2002-07.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-122 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/368819 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2002-026.html Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2002-027.html Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4267 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)