
exploitDog


CVE-2009-1391

Published: 16 Jun 2009
Source: nvd
CVSS2: 6.8
EPSS: Medium

Description

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:*:*:*:*:*:*:*:*
Versions up to and including 2.015
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.001:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.002:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.003:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.004:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.005:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.006:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.008:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.009:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.010:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.011:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.012:*:*:*:*:*:*:*
cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.014:*:*:*:*:*:*:*

EPSS

Percentile: 95%
0.18375
Medium

6.8 Medium

CVSS2

Weaknesses

CWE-189

Related vulnerabilities

ubuntu
more than 16 years ago

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

debian
more than 16 years ago

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw:: ...

github
almost 4 years ago

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
