Описание
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | released | 2.008-1ubuntu0.1 |
| intrepid | released | 2.011-2ubuntu0.1 |
| jaunty | released | 2.015-1ubuntu0.1 |
| upstream | released | 2.017 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | code not present |
| devel | not-affected | |
| hardy | not-affected | code not present |
| intrepid | released | 5.10.0-11.1ubuntu2.3 |
| jaunty | released | 5.10.0-19ubuntu1.1 |
| upstream | needs-triage |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw:: ...
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
6.8 Medium
CVSS2