Vulnerability Details : CVE-2002-0059
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2002-0059
Probability of exploitation activity in the next 30 days: 47.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0059
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2002-0059
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-0059
-
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Broken Link
-
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
MandrivaBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
zlib double free memory corruption CVE-2002-0059 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)Broken Link
-
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
Broken Link
-
http://www.redhat.com/support/errata/RHSA-2002-026.html
SupportBroken Link;Patch;Vendor Advisory
-
http://www.cert.org/advisories/CA-2002-07.html
2002 CERT AdvisoriesThird Party Advisory;US Government Resource
-
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
Broken Link
-
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Page non trouvée - CalderaBroken Link
-
http://www.redhat.com/support/errata/RHSA-2002-027.html
SupportBroken Link;Patch;Vendor Advisory
-
http://www.debian.org/security/2002/dsa-122
Debian -- The Universal Operating SystemBroken Link
-
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
Broken Link
-
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
Broken Link
-
http://www.securityfocus.com/bid/4267
Broken Link;Third Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/368819
VU#368819 - Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data StructuresThird Party Advisory;US Government Resource
-
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Broken Link;Patch;Vendor Advisory
Products affected by CVE-2002-0059
- cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*