CVE-2002-0059 - Unspecified vulnerability in GNU Zlib

Publication: 2002-03-15

Summary

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • GNU Zlib 1.0
  • GNU Zlib 1.0.1
  • GNU Zlib 1.0.2
  • GNU Zlib 1.0.3
  • GNU Zlib 1.0.4
  • GNU Zlib 1.0.5
  • GNU Zlib 1.0.6
  • GNU Zlib 1.0.7
  • GNU Zlib 1.0.8
  • GNU Zlib 1.0.9
  • GNU Zlib 1.1
  • GNU Zlib 1.1.1
  • GNU Zlib 1.1.2
  • GNU Zlib 1.1.3