CVE - CVE-2002-0059

CVE-ID
CVE-2002-0059	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20020311 security problem fixed in zlib 1.1.4 BUGTRAQ:20020312 exploiting the zlib bug in openssh VULNWATCH:20020312 exploiting the zlib bug in openssh VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib) BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh BUGTRAQ:20020312 zlib & java BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris BUGTRAQ:20020314 about zlib vulnerability BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability CERT:CA-2002-07 URL:http://www.cert.org/advisories/CA-2002-07.html CERT-VN:VU#368819 URL:http://www.kb.cert.org/vuls/id/368819 DEBIAN:DSA-122 URL:http://www.debian.org/security/2002/dsa-122 REDHAT:RHSA-2002:026 URL:http://www.redhat.com/support/errata/RHSA-2002-026.html REDHAT:RHSA-2002:027 URL:http://www.redhat.com/support/errata/RHSA-2002-027.html SUSE:SuSE-SA:2002:010 SUSE:SuSE-SA:2002:011 ENGARDE:ESA-20020311-008 MANDRAKE:MDKSA-2002:022 URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022 MANDRAKE:MDKSA-2002:023 URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php CALDERA:CSSA-2002-014.1 URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt CALDERA:CSSA-2002-015.1 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt CONECTIVA:CLA-2002:469 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469 HP:HPSBTL0204-030 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030 HP:HPSBTL0204-036 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036 HP:HPSBTL0204-037 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037 MANDRAKE:MDKSA-2002:024 URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 CISCO:20020403 Vulnerability in the zlib Compression Library OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002 FREEBSD:FreeBSD-SA-02:18 BUGTRAQ:20020318 TSLSA-2002-0040 - zlib BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions) BID:4267 URL:http://www.securityfocus.com/bid/4267 XF:zlib-doublefree-memory-corruption(8427) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Date Entry Created
20020625	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org