CVE

CVE-2009-1391
Date: (C)2009-06-16   (M)2018-06-20


Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-35307
SECUNIA-35422
SECUNIA-35685
SECUNIA-35689
SECUNIA-35876
OSVDB-55041
ADV-2009-1571
FEDORA-2009-7680
GLSA-200908-07
MDVSA-2009:157
SUSE-SR:2009:012
USN-794-1
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
https://bugs.gentoo.org/show_bug.cgi?id=273141
https://bugzilla.redhat.com/show_bug.cgi?id=504386
perl-compressrawzlib-inflate-bo(51062)

CWE    1
CWE-189
OVAL    7
oval:org.secpod.oval:def:101726
oval:org.secpod.oval:def:101978
oval:org.secpod.oval:def:102197
oval:org.secpod.oval:def:102245
...

© SecPod Technologies