Lucene search

Gentoo FoundationGLSA-200408-26

HistoryAug 27, 2004 - 12:00 a.m.

zlib: Denial of service vulnerability

2004-08-2700:00:00

Gentoo Foundation

security.gentoo.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.391 Low

EPSS

Percentile

97.3%

JSON

Background

zlib is a general-purpose data-compression library.

Description

zlib contains a bug in the handling of errors in the “inflate()” and “inflateBack()” functions.

Impact

An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of zlib.

Resolution

All zlib users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv "&gt;=sys-libs/zlib-1.2.1-r3"
 # emerge "&gt;=sys-libs/zlib-1.2.1-r3"

You should also run revdep-rebuild to rebuild any packages that depend on older versions of zlib :

 # revdep-rebuild

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-libs/zlib<= 1.2.1-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	sys-libs/zlib	<= 1.2.1-r2	UNKNOWN

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.391 Low

EPSS

Percentile

97.3%

JSON

Related for GLSA-200408-26