'Compress::Raw::Zlib' Perl模块远程代码执行漏洞

2009-06-1500:00:00

Root

www.seebug.org

0.007 Low

EPSS

Percentile

77.7%

JSON

Bugraq ID: 35307
CVE ID：CVE-2009-1391
CNCVE ID：CNCVE-20091391

Compress::Raw::Zlib是一款Zlib压缩库提供perl低级接口的模块。
Compress::Raw::Zlib inflate()存在缓冲区溢出，远程攻击者可以利用漏洞使应用程序崩溃或以应用程序权限执行任意指令。
Zlib.xs中的"inflate()"函数存在单字节错误，当处理特殊构建的压缩数据时存在堆缓冲区溢出，可导致perl进程关起或崩溃。

Compress::Raw::Zlib 2.015
Compress::Raw::Zlib 2.014
升级程序：
Compress::Raw::Zlib Compress::Raw::Zlib 2.015
Compress::Raw::Zlib Compress-Raw-Zlib-2.017.tar.gz
<a href=“http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0” target=“_blank”>http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0</a> 17.tar.gz
Compress::Raw::Zlib Compress::Raw::Zlib 2.014
Compress::Raw::Zlib Compress-Raw-Zlib-2.017.tar.gz
<a href=“http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0” target=“_blank”>http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0</a> 17.tar.gz


                                                可参考如下测试方法：
https://bugzilla.redhat.com/attachment.cgi?id=346729

0.007 Low

EPSS

Percentile

77.7%

JSON

Related for SSV:11621