CVE - CVE-2009-1391

CVE-ID
CVE-2009-1391	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:35307 URL:http://www.securityfocus.com/bid/35307 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=273141 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=504386 FEDORA:FEDORA-2009-7680 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html GENTOO:GLSA-200908-07 URL:http://security.gentoo.org/glsa/glsa-200908-07.xml MANDRIVA:MDVSA-2009:157 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:157~~ (Obsolete source) MISC:http://article.gmane.org/gmane.mail.virus.amavis.user/33635 MISC:http://article.gmane.org/gmane.mail.virus.amavis.user/33638 MISC:http://thread.gmane.org/gmane.mail.virus.amavis.user/33635 OSVDB:55041 URL:~~http://osvdb.org/55041~~ (Obsolete source) SECUNIA:35422 URL:http://secunia.com/advisories/35422 SECUNIA:35685 URL:http://secunia.com/advisories/35685 SECUNIA:35689 URL:http://secunia.com/advisories/35689 SECUNIA:35876 URL:http://secunia.com/advisories/35876 SUSE:SUSE-SR:2009:012 URL:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html UBUNTU:USN-794-1 URL:https://usn.ubuntu.com/794-1/ VUPEN:ADV-2009-1571 URL:~~http://www.vupen.com/english/advisories/2009/1571~~ (Obsolete source) XF:perl-compressrawzlib-inflate-bo(51062) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/51062
Assigning CNA
Red Hat, Inc.
Date Record Created
20090423	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090423)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)