[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1391Date: (C)2009-06-16   (M)2023-12-22


Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-35307
SECUNIA-35422
SECUNIA-35685
SECUNIA-35689
SECUNIA-35876
OSVDB-55041
ADV-2009-1571
FEDORA-2009-7680
GLSA-200908-07
MDVSA-2009:157
SUSE-SR:2009:012
USN-794-1
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
https://bugs.gentoo.org/show_bug.cgi?id=273141
https://bugzilla.redhat.com/show_bug.cgi?id=504386
perl-compressrawzlib-inflate-bo(51062)

CWE    1
CWE-189
OVAL    7
oval:org.secpod.oval:def:700366
oval:org.secpod.oval:def:102245
oval:org.secpod.oval:def:102197
oval:org.secpod.oval:def:300677
...

© SecPod Technologies