CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
The gzip package is vulnerable to denial of service (DoS). An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems.
git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f
itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
ncompress.sourceforge.net/#status
savannah.gnu.org/forum/forum.php?forum_id=6153
secunia.com/advisories/38220
secunia.com/advisories/38223
secunia.com/advisories/38225
secunia.com/advisories/38232
secunia.com/advisories/40551
secunia.com/advisories/40655
secunia.com/advisories/40689
securitytracker.com/id?1023490
support.apple.com/kb/HT4435
www.debian.org/security/2010/dsa-1974
www.debian.org/security/2010/dsa-2074
www.mandriva.com/security/advisories?name=MDVSA-2010:019
www.mandriva.com/security/advisories?name=MDVSA-2010:020
www.mandriva.com/security/advisories?name=MDVSA-2011:152
www.osvdb.org/61869
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0061.html
www.ubuntu.com/usn/USN-889-1
www.vupen.com/english/advisories/2010/0185
www.vupen.com/english/advisories/2010/1796
www.vupen.com/english/advisories/2010/1872
access.redhat.com/errata/RHSA-2010:0061
access.redhat.com/security/cve/CVE-2010-0001
bugzilla.redhat.com/show_bug.cgi?id=554418
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511
rhn.redhat.com/errata/RHSA-2010-0095.html