Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2005-2096

Опубликовано: 06 июл. 2005
Источник: debian
EPSS Средний

Описание

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
dpkgnot-affectedwoodypackage
dpkgfixed1.13.11package
zsyncfixed0.4.0-2package
dumpnot-affectedwoodypackage
dumpno-dsasargepackage
dumpfixed0.4b40-1package
aidenot-affectedwoodypackage
aidefixed0.10-6.1.1package
amd64-libsnot-affectedwoodypackage
amd64-libsfixed1.3package
ia32-libsnot-affectedwoodypackage
ia32-libsfixed1.6package
darnot-affectedpackage
baculanot-affectedwoodypackage
baculafixed1.36.3-2package
baculano-dsasargepackage
sashnot-affectedwoodypackage
sashfixed3.7-6package
libphysfsnot-affectedwoodypackage
libphysfsfixed1.0.0-5package
oopsfixed1.5.23.cvs-3package
rpmnot-affectedwoodypackage
rpmfixed4.0.4-31.1package
rageircdfixed2.0.0-3sid1package
systemimager-sshnot-affectedpackage
texmacsnot-affectedwoodypackage
texmacsfixed1:1.0.5-3package
texmacsno-dsasargepackage
zlibfixed1:1.2.2-7package
pvpgnfixed1.7.8-2package
mysql-dfsg-4.1fixed4.1.13-1package
mrtgnot-affectedpackage
rsyncnot-affectedpackage

Примечания

  • Several packages ship embedded copies of zlib, there are a lot probably more

  • Florian Weimer is doing a comprehensive audit using clamav

  • to search for static zlib signatures in binaries in Debian

  • Not all of the listed packages have been checked for actual

  • exploitability using this hole.

  • oldstable (woody) had zlib 1.1, which is not affected

  • You need to trust debs anyway, when installing them

  • aide only uses zlib to compress/decompress internal data

  • You need to trust rpms anyway, when installing them

  • see dannf's first bug comment; systemimager-ssh doesn't use compression

  • rsync upstream updated the internal zlib copy in 2.6.6 without real need,

  • as the included version was never affected, despite claiming them so.

EPSS

Процентиль: 98%
0.46479
Средний

Связанные уязвимости

ubuntu логотип

CVE-2005-2096

ubuntu
около 20 лет назад

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

redhat логотип

CVE-2005-2096

redhat
около 20 лет назад

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

nvd логотип

CVE-2005-2096

nvd
около 20 лет назад

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

github логотип

GHSA-w2qv-rhm9-97p2

github
больше 3 лет назад

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

fstec логотип

BDU:2015-04810

fstec
больше 10 лет назад

Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 98%
0.46479
Средний