Vulnerability Note VU#680620

zlib inflate() routine vulnerable to buffer overflow

Original Release date: 12 Jul 2005 | Last revised: 05 Apr 2007

Overview

A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate.

Description

There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate() routine. If an attacker supplies the inflate() routine with a specially crafted compressed data stream, that attacker may be able to trigger the buffer overflow, causing any application linked to zlib, or incorporating zlib code, to crash. According to reports, the buffer overflow is caused by a specific input stream and results in a constant value being written into an arbitrary memory location. This vulnerability may be exploited locally or remotely depending on the application being attacked.

This vulnerability only affects zlib versions 1.2.1 and 1.2.2.

Impact

A remote attacker may be able to exploit this vulnerability by supplying the inflate() routine with specially crafted compressed data. As a result, applications linked to the zlib library may abruptly and abnormally terminate, resulting in a denial-of-service condition. According to public reports, this vulnerability can be exploited to execute arbitrary code, but we have not confirmed this.

Solution

Apply patches from your vendor


The zlib compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.
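
One way to find copies of the affected releases on a system, as an added example (not part of the original note and not zlib project code): zlib's inftrees.c compiles in a banner of the form " inflate 1.2.2 Copyright 1995-2004 Mark Adler " that remains in statically linked or source-incorporated copies, so the script reports the zlib that Python itself loaded and scans the files named on the command line for that banner. The function names and sample bytes are constructed for illustration; a vendor can backport a fix without changing the version string, so a match is a candidate to confirm with the vendor.

```python
import re
import sys
import zlib

# Versions the advisory names as affected (exact release strings only).
AFFECTED = {"1.2.1", "1.2.2"}

# zlib's inftrees.c compiles in a banner such as
# " inflate 1.2.2 Copyright 1995-2004 Mark Adler ", which is still present
# in binaries that link zlib statically or copy its source.
INFLATE_BANNER = re.compile(rb" inflate ([0-9][0-9A-Za-z.\-]*) Copyright 1995-")

# Constructed sample bytes standing in for binaries (not real files).
SAMPLE_AFFECTED = b"\x7fELF\x00 inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00"
SAMPLE_FIXED = b"\x7fELF\x00 inflate 1.2.3 Copyright 1995-2005 Mark Adler \x00"


def is_affected(version):
    """True only for the two releases listed in the advisory."""
    return version in AFFECTED


def embedded_inflate_versions(data):
    """Return the set of zlib versions whose inflate banner appears in data."""
    return {m.group(1).decode("ascii") for m in INFLATE_BANNER.finditer(data)}


def scan_file(path):
    """Return (all versions found, affected versions found) for one file."""
    with open(path, "rb") as fh:
        found = embedded_inflate_versions(fh.read())  # whole file in memory
    return sorted(found), sorted(v for v in found if is_affected(v))


if __name__ == "__main__":
    runtime = zlib.ZLIB_RUNTIME_VERSION  # zlib this interpreter loaded
    print(f"python runtime zlib {runtime}: "
          f"{'AFFECTED' if is_affected(runtime) else 'not listed'}")
    for path in sys.argv[1:]:
        try:
            found, bad = scan_file(path)
        except OSError as exc:
            print(f"{path}: unreadable ({exc})")
            continue
        if bad:
            print(f"{path}: embeds zlib {', '.join(bad)} (listed as affected)")
        elif found:
            print(f"{path}: embeds zlib {', '.join(found)}")
```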

Systems Affected

Vendor                    Status         Date Notified   Date Updated
CVS Home                  Affected       -               05 Oct 2005
Gentoo                    Affected       -               13 Jul 2005
Mandriva, Inc.            Affected       11 Jul 2005     11 Jul 2005
Red Hat, Inc.             Affected       11 Jul 2005     11 Jul 2005
Foundry Networks Inc.     Not Affected   11 Jul 2005     13 Jul 2005
Juniper Networks, Inc.    Not Affected   11 Jul 2005     22 Jul 2005
Microsoft Corporation     Not Affected   11 Jul 2005     12 Jul 2005
NetBSD                    Not Affected   11 Jul 2005     11 Jul 2005
Openwall GNU/*/Linux      Not Affected   11 Jul 2005     12 Jul 2005
TurboLinux                Not Affected   11 Jul 2005     12 Jul 2005
3Com                      Unknown        11 Jul 2005     11 Jul 2005
Alcatel                   Unknown        11 Jul 2005     11 Jul 2005
Apple Computer, Inc.      Unknown        11 Jul 2005     11 Jul 2005
AT&T                      Unknown        11 Jul 2005     11 Jul 2005
Avaya                     Unknown        11 Jul 2005     11 Jul 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This vulnerability was reported by Mark Adler.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2005-2096
  • Date Public: 02 Jul 2005
  • Date First Published: 12 Jul 2005
  • Date Last Updated: 05 Apr 2007
  • Severity Metric: 9.45
  • Document Revision: 82
