Bug 1616731 (CVE-2002-0059)
| Summary: | CVE-2002-0059 zlib: Double free in inflateEnd | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Stephen Herr <sherr> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | asoldano, atangrin, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, databases-maint, dkreling, dosoudil, eleandro, fjuma, hhorak, iweiss, jaromir.capik, jchaloup, jochrist, jorton, jpallich, jperkins, jwon, krathod, kwills, lgao, ljavorsk, mmuzila, msochure, msvehla, nodejs-maint, nwallace, odubaj, panovotn, pjindal, pkubat, pmackay, praiskup, psampaio, rguimara, rstancel, rsvoboda, smaestri, tom.jenkinson, yborgess, zmiklank, zsvetlik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-08-16 01:41:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Stephen Herr
2018-08-16 01:41:25 UTC
MITRE description: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

References:
https://www.kb.cert.org/vuls/id/368819