Lucene search

[email protected]CVE-2005-2096

HistoryJul 06, 2005 - 4:00 a.m.

CVE-2005-2096

2005-07-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zlib

denial of service

cve-2005-2096

nvd

security vulnerability

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

CPENameOperatorVersion
zlib:zlibzlibeq1.2.1
zlib:zlibzlibeq1.2.0
zlib:zlibzlibeq1.2.2

CPE	Name	Operator	Version
zlib:zlib	zlib	eq	1.2.1
zlib:zlib	zlib	eq	1.2.0
zlib:zlib	zlib	eq	1.2.2

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt

lists.apple.com/archives/security-announce//2008/Nov/msg00001.html

lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

secunia.com/advisories/15949

secunia.com/advisories/17054

secunia.com/advisories/17225

secunia.com/advisories/17236

secunia.com/advisories/17326

secunia.com/advisories/17516

secunia.com/advisories/18377

secunia.com/advisories/18406

secunia.com/advisories/18507

secunia.com/advisories/19550

secunia.com/advisories/19597

secunia.com/advisories/24788

secunia.com/advisories/31492

secunia.com/advisories/32706

security.gentoo.org/glsa/glsa-200507-05.xml

securitytracker.com/id?1014398

sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1

support.apple.com/kb/HT3298

support.avaya.com/elmodocs2/security/ASA-2006-016.htm

www.debian.org/security/2005/dsa-740

www.debian.org/security/2005/dsa-797

www.debian.org/security/2006/dsa-1026

www.gentoo.org/security/en/glsa/glsa-200509-18.xml

www.kb.cert.org/vuls/id/680620

www.mandriva.com/security/advisories?name=MDKSA-2005:112

www.mandriva.com/security/advisories?name=MDKSA-2005:196

www.mandriva.com/security/advisories?name=MDKSA-2006:070

www.redhat.com/support/errata/RHSA-2005-569.html

www.redhat.com/support/errata/RHSA-2008-0629.html

www.securityfocus.com/archive/1/421411/100/0/threaded

www.securityfocus.com/archive/1/464745/100/0/threaded

www.securityfocus.com/archive/1/482503/100/0/threaded

www.securityfocus.com/archive/1/482505/100/0/threaded

www.securityfocus.com/archive/1/482571/100/0/threaded

www.securityfocus.com/archive/1/482601/100/0/threaded

www.securityfocus.com/archive/1/482949/100/0/threaded

www.securityfocus.com/archive/1/482950/100/0/threaded

www.securityfocus.com/bid/14162

www.ubuntulinux.org/usn/usn-151-3

www.vmware.com/support/vi3/doc/esx-3616065-patch.html

www.vmware.com/support/vi3/doc/esx-9916286-patch.html

www.vupen.com/english/advisories/2005/0978

www.vupen.com/english/advisories/2006/0144

www.vupen.com/english/advisories/2007/1267

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680

exchange.xforce.ibmcloud.com/vulnerabilities/24064

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542

usn.ubuntu.com/148-1/

Social References

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2005-2096

securityvulns8 openvas26 nessus40 debian7 cert1 suse2 redhat5 ubuntucve1 ubuntu5 centos2 f52 freebsd1 debiancve1 freebsd_advisory1 slackware1 gentoo4 exploitpack1 osv2 seebug1 exploitdb1 jvn1