CVE-2002-0059 — CRITICAL (9.8)

Q: How severe is CVE-2002-0059?

CVE-2002-0059 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2002-0059?

Check the references section above for vendor advisories and patch information. Affected products include: Zlib Zlib.

Vulnerability Description

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zlib	Zlib	<= 1.1.3

Related Weaknesses (CWE)

CWE-415

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txtBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022Broken Link
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txtBroken Link
http://www.cert.org/advisories/CA-2002-07.htmlThird Party AdvisoryUS Government Resource
http://www.debian.org/security/2002/dsa-122Broken Link
http://www.kb.cert.org/vuls/id/368819Third Party AdvisoryUS Government Resource
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.phpBroken LinkPatchVendor Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3Broken Link
http://www.redhat.com/support/errata/RHSA-2002-026.htmlBroken LinkPatchVendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-027.htmlBroken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/4267Broken LinkThird Party AdvisoryVDB Entry
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030Broken Link
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036Broken Link
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037Broken Link

FAQ

What is CVE-2002-0059?

CVE-2002-0059 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow l...

How severe is CVE-2002-0059?

CVE-2002-0059 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2002-0059?

Check the references section above for vendor advisories and patch information. Affected products include: Zlib Zlib.