Vulnerability Note VU#368819
Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures
There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code.
It is important to note that the CERT/CC has not received any reports of exploitation of this bug. Based on the information available to us at this time, it is difficult to determine whether this bug can be successfully exploited. However, given the widespread deployment of zlib, we have published this document as a proactive measure.
There is a bug in the decompression algorithm used by the popular zlib compression library. If an attacker is able to pass a specially-crafted block of invalid compressed data to a program that includes zlib, the program's attempt to decompress the crafted data can cause the zlib routines to corrupt the internal data structures maintained by malloc.
This bug may introduce vulnerabilities into any program that includes the affected library. Depending upon how and where the zlib routines are called from the given program, the resulting vulnerability may have one or more of the following impacts: denial of service, information leakage, or execution of arbitrary code.
Upgrade your version of zlib
The maintainers of zlib have published an advisory regarding this issue; for further information, please see
Apply a patch from your vendor
The zlib compression library is freely available and used by many vendors in a wide variety of applications. Any one of these applications may contain vulnerabilities that are introduced by this vulnerability. For the most recent information available to the CERT/CC, please see the vendor section of this document.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems Inc.||Affected||11 Mar 2002||03 Apr 2002|
|Compaq Computer Corporation||Affected||22 Feb 2002||17 Oct 2002|
|Conectiva||Affected||18 Feb 2002||14 Jun 2002|
|Debian||Affected||22 Feb 2002||18 Mar 2002|
|FreeBSD||Affected||22 Feb 2002||23 Apr 2002|
|Guardian Digital Inc.||Affected||11 Mar 2002||12 Mar 2002|
|Hewlett-Packard Company||Affected||22 Feb 2002||24 Jan 2003|
|IBM||Affected||22 Feb 2002||25 Jun 2002|
|Juniper Networks||Affected||11 Mar 2002||29 Mar 2002|
|MandrakeSoft||Affected||22 Feb 2002||05 Jul 2002|
|NetBSD||Affected||22 Feb 2002||22 Mar 2002|
|Novell||Affected||12 Apr 2002||14 Apr 2002|
|OpenBSD||Affected||22 Feb 2002||22 Mar 2002|
|OpenSSH||Affected||22 Feb 2002||24 Jun 2002|
|Openwall GNU/*/Linux||Affected||13 Feb 2002||12 Mar 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks Owen Taylor and Mark Cox of Red Hat, Inc. for reporting this vulnerability. We also thank Mark Adler of zlib.org for contributing to our research and Matthias Clasen for contributing to the discovery of this vulnerability.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CVE-2002-0059
- CERT Advisory: CA-2002-07
- Date Public: 11 Mar 2002
- Date First Published: 11 Mar 2002
- Date Last Updated: 08 Jul 2005
- Severity Metric: 21.37
- Document Revision: 62
If you have feedback, comments, or additional information about this vulnerability, please send us email.