ID CVE-2005-2096
Summary zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:zlib:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:zlib:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:zlib:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:zlib:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:zlib:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:zlib:1.2.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-29T04:14:27.080-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    family unix
    id oval:org.mitre.oval:def:11500
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    version 22
  • accepted 2006-02-22T08:27:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    family unix
    id oval:org.mitre.oval:def:1262
    status accepted
    submitted 2006-01-11T12:55:00.000-04:00
    title zlib Compression Remote DoS Vulnerability (B.11.23)
    version 31
  • accepted 2006-02-22T08:27:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    family unix
    id oval:org.mitre.oval:def:1542
    status accepted
    submitted 2006-01-11T12:55:00.000-04:00
    title zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11)
    version 32
redhat via4
advisories
  • rhsa
    id RHSA-2005:569
  • rhsa
    id RHSA-2008:0629
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
  • APPLE-SA-2008-11-13
bid 14162
bugtraq
  • 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
  • 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
  • 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
cert-vn VU#680620
confirm
debian
  • DSA-1026
  • DSA-740
  • DSA-797
fedora FLSA:162680
freebsd FreeBSD-SA-05:16.zlib
gentoo
  • GLSA-200507-05
  • GLSA-200509-18
hp
  • HPSBUX02090
  • SSRT051058
mandrake MDKSA-2005:112
mandriva
  • MDKSA-2005:196
  • MDKSA-2006:070
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
sco SCOSA-2006.6
sectrack 1014398
secunia
  • 15949
  • 17054
  • 17225
  • 17236
  • 17326
  • 17516
  • 18377
  • 18406
  • 18507
  • 19550
  • 19597
  • 24788
  • 31492
  • 32706
sunalert 101989
suse SUSE-SA:2005:039
ubuntu
  • USN-148-1
  • USN-151-3
vupen
  • ADV-2005-0978
  • ADV-2006-0144
  • ADV-2007-1267
xf hpux-secure-shell-dos(24064)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-10-2018 - 15:32
Published 06-07-2005 - 04:00
Back to Top