Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2009-2624
HistoryJan 29, 2010 - 6:30 p.m.

Design/Logic Flaw

2010-01-2918:30:00
PRIOn knowledge base
www.prio-n.com
5

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.155 Low

EPSS

Percentile

95.7%

JSON

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

CPENameOperatorVersion
gzipeq1.3.1
gzipeq1.3.8
gziple1.3.12
gzipeq1.3
gzipeq1.3.3
gzipeq1.3.11
gzipeq1.3.6
gzipeq1.3.2
gzipeq1.2.4
gzipeq1.3.10
Rows per page:
1-10 of 151

Related

nessus 28
ubuntucve 2
cve 2
debiancve 2
osv 2
debian 2
openvas 37
veracode 1
cert 1
fedora 2
ubuntu 2
suse 2
freebsd_advisory 1
securityvulns 4
redhat 1
freebsd 1
centos 2
gentoo 2
oraclelinux 1
slackware 1
seebug 1
nessus
nessus
Oracle Solaris Third-Party Patch Update : gzip (cve_2009_2624_denial_of)
2015-01-19 00:00:00
Debian DSA-1974-1 : gzip - several vulnerabilities
2010-02-24 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : gzip vulnerabilities (USN-889-1)
2010-01-21 00:00:00
ubuntucve
ubuntucve
CVE-2009-2624
2010-01-20 00:00:00
CVE-2006-4334
2006-09-19 00:00:00
cve
cve
CVE-2009-2624
2010-01-29 18:30:00
CVE-2006-4334
2006-09-19 21:07:00
debiancve
debiancve
CVE-2009-2624
2010-01-29 18:30:00
CVE-2006-4334
2006-09-19 21:07:00
osv
osv
gzip - arbitrary code execution
2010-01-20 00:00:00
gzip
2006-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution
2010-01-20 14:16:48
[SECURITY] [DSA 1181-1] New gzip packages fix arbitrary code execution
2006-09-19 19:19:34
openvas
openvas
Debian Security Advisory DSA 1974-1 (gzip)
2010-02-01 00:00:00
Debian: Security Advisory (DSA-1974-1)
2010-02-01 00:00:00
GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux)
2010-02-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:00
cert
cert
gzip NULL dereference in huft_build()
2006-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: gzip-1.3.12-10.fc11
2010-02-01 01:04:06
[SECURITY] Fedora 12 Update: gzip-1.3.12-14.fc12
2010-02-01 01:03:15
ubuntu
ubuntu
gzip vulnerabilities
2010-01-20 00:00:00
gzip vulnerabilities
2006-09-20 00:00:00
suse
suse
remote system compromise in gzip
2006-09-26 13:43:14
remote code execution in acroread
2010-01-26 16:40:23
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
securityvulns
securityvulns
Multiple gzip security vulnerabilities
2007-03-07 00:00:00
FreeBSD Security Advisory FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
[security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
2007-03-07 00:00:00
redhat
redhat
(RHSA-2006:0667) gzip security update
2006-09-19 00:00:00
freebsd
freebsd
gzip -- multiple vulnerabilities
2006-09-19 00:00:00
centos
centos
gzip security update
2006-09-19 14:54:11
gzip security update
2006-09-19 23:19:38
gentoo
gentoo
gzip: Multiple vulnerabilities
2006-09-23 00:00:00
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00
oraclelinux
oraclelinux
Moderate gzip security update
2006-11-30 00:00:00
slackware
slackware
[slackware-security] gzip
2006-09-19 21:15:29
seebug
seebug
Apple Mac OS X 2006-007ć­˜ćœšć€šäžȘćź‰ć…šæŒæŽž
2006-11-29 00:00:00

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.155 Low

EPSS

Percentile

95.7%

JSON
Related for PRION:CVE-2009-2624
nessus28ubuntucve2cve2debiancve2osv2debian2openvas37veracode1cert1fedora2ubuntu2suse2freebsd_advisory1securityvulns4redhat1freebsd1centos2gentoo2oraclelinux1slackware1seebug1