Vulnerability Note VU#680620
zlib inflate() routine vulnerable to buffer overflow
Overview
A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate.
Description
There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate() routine. If an attacker supplies the inflate() routine with a specially crafted compressed data stream, that attacker may be able to trigger the buffer overflow, causing any application linked to zlib, or incorporating zlib code, to crash. According to reports, the buffer overflow is caused by a specific input stream and results in a constant value being written into an arbitrary memory location. This vulnerability may be exploited locally or remotely depending on the application being attacked. This vulnerability only affects zlib versions 1.2.1 and 1.2.2.
Impact
A remote attacker may be able to exploit this vulnerability by supplying the inflate() routine with specially crafted compressed data. As a result, applications linked to the zlib library may abruptly and abnormally terminate, resulting in a denial-of-service condition. According to public reports, this vulnerability can be exploited to execute arbitrary code, but we have not confirmed this.
Solution
Apply patches from your vendor
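Because the flaw also reaches applications that incorporate zlib code rather than link to a shared copy, an inventory by package version alone can miss affected binaries. The following added example (not part of the original note) scans files for the banner string that zlib's inftrees.c compiles into every build and flags the two releases the note lists as affected; the function names and the sample bytes are constructed for illustration.

```python
import io
import re
import sys

# The note lists only these zlib releases as affected.
AFFECTED = {"1.2.1", "1.2.2"}

# zlib's inftrees.c compiles in a banner of the form
# " inflate <version> Copyright <years> Mark Adler ", which survives
# static linking and copied-in source.
BANNER = re.compile(rb"inflate (\d+(?:\.\d+){1,3}) Copyright [0-9-]+ Mark Adler")
OVERLAP = 128  # longer than any banner, so a chunk boundary cannot hide one


def scan_stream(stream, chunk_size=1 << 20):
    """Return the distinct zlib versions whose inflate banner occurs in stream."""
    found, tail = [], b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return found
        window = tail + chunk
        for match in BANNER.finditer(window):
            version = match.group(1).decode("ascii")
            if version not in found:
                found.append(version)
        tail = window[-OVERLAP:]


def classify(versions):
    """Map each version to True when the note lists it as affected."""
    return {v: v in AFFECTED for v in versions}


if __name__ == "__main__":
    # Constructed sample: stand-in for a binary with a statically linked zlib.
    sample = (b"\x7fELF" + b"\x00" * 40
              + b" inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00")
    targets = sys.argv[1:]
    if not targets:
        print(classify(scan_stream(io.BytesIO(sample))))
    for path in targets:
        with open(path, "rb") as fh:
            print(path, classify(scan_stream(fh)))
```

A file with no banner may still contain zlib if the string was stripped or the binary is packed, so an empty result narrows the search rather than clearing the file.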
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| CVS Home | Affected | - | 05 Oct 2005 |
| Gentoo | Affected | - | 13 Jul 2005 |
| Mandriva, Inc. | Affected | 11 Jul 2005 | 11 Jul 2005 |
| Red Hat, Inc. | Affected | 11 Jul 2005 | 11 Jul 2005 |
| Foundry Networks Inc. | Not Affected | 11 Jul 2005 | 13 Jul 2005 |
| Juniper Networks, Inc. | Not Affected | 11 Jul 2005 | 22 Jul 2005 |
| Microsoft Corporation | Not Affected | 11 Jul 2005 | 12 Jul 2005 |
| NetBSD | Not Affected | 11 Jul 2005 | 11 Jul 2005 |
| Openwall GNU/*/Linux | Not Affected | 11 Jul 2005 | 12 Jul 2005 |
| TurboLinux | Not Affected | 11 Jul 2005 | 12 Jul 2005 |
| 3Com | Unknown | 11 Jul 2005 | 11 Jul 2005 |
| Alcatel | Unknown | 11 Jul 2005 | 11 Jul 2005 |
| Apple Computer, Inc. | Unknown | 11 Jul 2005 | 11 Jul 2005 |
| AT&T | Unknown | 11 Jul 2005 | 11 Jul 2005 |
| Avaya | Unknown | 11 Jul 2005 | 11 Jul 2005 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
- https://rhn.redhat.com/errata/RHSA-2005-569.html
- http://secunia.com/advisories/15949/
- http://dev.gentoo.org/~taviso/blog/#e2005-07-21T17_24_15.txt
- http://secunia.com/advisories/24788
- http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=3616065
- http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=9916286
Credit
This vulnerability was reported by Mark Adler.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CVE-2005-2096
- Date Public: 02 Jul 2005
- Date First Published: 12 Jul 2005
- Date Last Updated: 05 Apr 2007
- Severity Metric: 9.45
- Document Revision: 82