| ID |
CVE-2005-2096
|
| Summary |
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:zlib:zlib:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:zlib:zlib:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:zlib:zlib:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 22-06-2022 - 16:40) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2013-04-29T04:14:27.080-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | | oval | oval:org.mitre.oval:def:11831 |
| comment | CentOS Linux 4.x | | oval | oval:org.mitre.oval:def:16636 |
| comment | Oracle Linux 4.x | | oval | oval:org.mitre.oval:def:15990 |
| | description | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | | family | unix | | id | oval:org.mitre.oval:def:11500 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | | version | 28 |
| accepted | 2006-02-22T08:27:00.000-04:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| | description | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | | family | unix | | id | oval:org.mitre.oval:def:1262 | | status | accepted | | submitted | 2006-01-11T12:55:00.000-04:00 | | title | zlib Compression Remote DoS Vulnerability (B.11.23) | | version | 35 |
| accepted | 2006-02-22T08:27:00.000-04:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| | description | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | | family | unix | | id | oval:org.mitre.oval:def:1542 | | status | accepted | | submitted | 2006-01-11T12:55:00.000-04:00 | | title | zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11) | | version | 36 |
|
| redhat
via4
|
| advisories | | | rpms | - zlib-0:1.2.1.2-1.1
- zlib-debuginfo-0:1.2.1.2-1.1
- zlib-devel-0:1.2.1.2-1.1
- rhn-solaris-bootstrap-0:5.0.2-3
- rhn_solaris_bootstrap_5_0_2_3-0:1-0
- rhn-solaris-bootstrap-0:5.0.2-3
- rhn_solaris_bootstrap_5_0_2_3-0:1-0
- rhn-solaris-bootstrap-0:5.1.1-3
- rhn_solaris_bootstrap_5_1_1_3-0:1-0
|
|
| refmap
via4
|
| apple | - APPLE-SA-2005-08-15
- APPLE-SA-2005-08-17
- APPLE-SA-2008-11-13
| | bid | 14162 | | bugtraq | - 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
- 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
- 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
- 20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
- 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
- 20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
- 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
| | cert-vn | VU#680620 | | confirm | | | debian | | | fedora | FLSA:162680 | | freebsd | FreeBSD-SA-05:16.zlib | | gentoo | - GLSA-200507-05
- GLSA-200509-18
| | hp | | | mandrake | MDKSA-2005:112 | | mandriva | - MDKSA-2005:196
- MDKSA-2006:070
| | misc | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391 | | sco | SCOSA-2006.6 | | sectrack | 1014398 | | secunia | - 15949
- 17054
- 17225
- 17236
- 17326
- 17516
- 18377
- 18406
- 18507
- 19550
- 19597
- 24788
- 31492
- 32706
| | sunalert | 101989 | | suse | SUSE-SA:2005:039 | | ubuntu | | | vupen | - ADV-2005-0978
- ADV-2006-0144
- ADV-2007-1267
| | xf | hpux-secure-shell-dos(24064) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-03-14 | | organization | Red Hat | | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
| Last major update |
22-06-2022 - 16:40 |
| Published |
06-07-2005 - 04:00 |
| Last modified |
22-06-2022 - 16:40 |
