Juniper Networks Information for VU#368819
Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures
- Vendor Information Help Date Notified: 11 Mar 2002
- Statement Date:
- Date Updated: 29 Mar 2002
Juniper Networks has completed an initial assessment of this vulnerability, and we believe that our implementation is not susceptible. Test programs show that our memory allocation algorithm correctly detects and warns about any attempt to exploit the vulnerability described in the CERT/CC advisory.
We continue to evaluate the risks associated with this vulnerability. If we determine that the JUNOS software is susceptible, we will quickly issue any patches or software updates required to maintain the security of Juniper Networks routers.
Future JUNOS software releases will include a corrected version of the libz code.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.