Lucene search

PRIOn knowledge basePRION:CVE-2010-0001

HistoryJan 29, 2010 - 6:30 p.m.

Integer overflow

2010-01-2918:30:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

93.3%

JSON

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

CPENameOperatorVersion
gziple1.3.13
gzipeq1.3.12
gzipeq1.3.1
gzipeq1.3.8
gzipeq1.3
gzipeq1.3.3
gzipeq1.3.11
gzipeq1.3.6
gzipeq1.3.2
gzipeq1.2.4

Name	Operator	Version
gzip	le	1.3.13
gzip	eq	1.3.12
gzip	eq	1.3.1
gzip	eq	1.3.8
gzip	eq	1.3
gzip	eq	1.3.3
gzip	eq	1.3.11
gzip	eq	1.3.6
gzip	eq	1.3.2
gzip	eq	1.2.4

Rows per page:

1-10 of 161

References

git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f

itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

ncompress.sourceforge.net/

savannah.gnu.org/forum/forum.php?forum_id=6153

secunia.com/advisories/38220

secunia.com/advisories/38223

secunia.com/advisories/38225

secunia.com/advisories/38232

secunia.com/advisories/40551

secunia.com/advisories/40655

secunia.com/advisories/40689

securitytracker.com/id?1023490

support.apple.com/kb/HT4435

www.debian.org/security/2010/dsa-1974

www.debian.org/security/2010/dsa-2074

www.mandriva.com/security/advisories?name=MDVSA-2010:019

www.mandriva.com/security/advisories?name=MDVSA-2010:020

www.mandriva.com/security/advisories?name=MDVSA-2011:152

www.osvdb.org/61869

www.redhat.com/support/errata/RHSA-2010-0061.html

www.ubuntu.com/usn/USN-889-1

www.vupen.com/english/advisories/2010/0185

www.vupen.com/english/advisories/2010/1796

www.vupen.com/english/advisories/2010/1872

bugzilla.redhat.com/show_bug.cgi?id=554418

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511

rhn.redhat.com/errata/RHSA-2010-0095.html

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

93.3%

JSON

Related for PRION:CVE-2010-0001