cvelistv5 - cve-2009-2624

CVE-2009-2624 (GCVE-0-2009-2624)

Vulnerability from cvelistv5

Published

2010-01-29 18:00

Modified

2024-08-07 05:59

Severity ?

CWE

Summary

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

References

URL

Tags

cret@cert.org	http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258
cret@cert.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263
cret@cert.org	http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
cret@cert.org	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
cret@cert.org	http://secunia.com/advisories/38132	Vendor Advisory
cret@cert.org	http://secunia.com/advisories/38223	Vendor Advisory
cret@cert.org	http://secunia.com/advisories/38232	Vendor Advisory
cret@cert.org	http://support.apple.com/kb/HT4435
cret@cert.org	http://www.debian.org/security/2010/dsa-1974
cret@cert.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
cret@cert.org	http://www.ubuntu.com/usn/USN-889-1
cret@cert.org	http://www.vupen.com/english/advisories/2010/0185
cret@cert.org	https://bugzilla.redhat.com/show_bug.cgi?id=514711
af854a3a-2127-422b-91ae-364da2661108	http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263
af854a3a-2127-422b-91ae-364da2661108	http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38132	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38223	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38232	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4435
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-1974
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-889-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0185
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=514711

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "name": "ADV-2010-0185",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0185"
          },
          {
            "name": "USN-889-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-889-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
          },
          {
            "name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
          },
          {
            "name": "APPLE-SA-2010-11-10-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
          },
          {
            "name": "DSA-1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1974"
          },
          {
            "name": "MDVSA-2010:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
          },
          {
            "name": "38223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38223"
          },
          {
            "name": "38132",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38132"
          },
          {
            "name": "SUSE-SA:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
          },
          {
            "name": "38232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-18T10:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4435"
        },
        {
          "name": "ADV-2010-0185",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0185"
        },
        {
          "name": "USN-889-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-889-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
        },
        {
          "name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
        },
        {
          "name": "APPLE-SA-2010-11-10-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
        },
        {
          "name": "DSA-1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1974"
        },
        {
          "name": "MDVSA-2010:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
        },
        {
          "name": "38223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38223"
        },
        {
          "name": "38132",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38132"
        },
        {
          "name": "SUSE-SA:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
        },
        {
          "name": "38232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2009-2624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT4435",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4435"
            },
            {
              "name": "ADV-2010-0185",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0185"
            },
            {
              "name": "USN-889-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-889-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514711",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
            },
            {
              "name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]",
              "refsource": "MLIST",
              "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
            },
            {
              "name": "APPLE-SA-2010-11-10-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
            },
            {
              "name": "DSA-1974",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1974"
            },
            {
              "name": "MDVSA-2010:020",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
            },
            {
              "name": "38223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38223"
            },
            {
              "name": "38132",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38132"
            },
            {
              "name": "SUSE-SA:2010:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "38232",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38232"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2009-2624",
    "datePublished": "2010-01-29T18:00:00",
    "dateReserved": "2009-07-28T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2624\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2010-01-29T18:30:00.793\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n huft_build en inflate.c en gzip anterior a v1.3.13 crea una tabla hufts (tambi\u00e9n conocido como huffman) demasiado peque\u00f1a, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n o buble infinito), o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo manipulado. NOTA: esta vulnerabilidad est\u00e1 provocada por una regresi\u00f3n del CVE-2006-4334.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.12\",\"matchCriteriaId\":\"0782AAD8-CEA7-47E9-A8F2-175FC0B880C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D50385A-1D5D-4517-B5FA-1BB60BA4C484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"752BDD31-53A2-4246-8E95-77694548DB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCFD9CEE-AAB0-443E-A5C7-6805AFCCF6EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7830E23E-C3B2-40D1-A82B-8862F82AA996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F71B1D-B822-4C4F-9009-8D8E1B9707FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"079F39E2-69BF-47AC-87CF-A47D37EA27F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1B19DCC-2441-453F-8CFE-93A2FD37446C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E92ACD5A-D7D3-4DBA-A7AA-BBCA2E20BA50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"614F29C6-AEB8-4274-B0F4-865DF32CCBAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D3F910-090A-43AA-8639-443DFF230958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28E3EC1-6788-459A-A4F9-0969C007131C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8563855-787C-488E-B241-1F32AD783E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAD2768C-CD7E-4B2E-8919-8319D84A71DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gzip:1.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E56B3BD-EDB2-4BE1-821F-2F84548FBF9F\"}]}]}],\"references\":[{\"url\":\"http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258\",\"source\":\"cret@cert.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263\",\"source\":\"cret@cert.org\"},{\"url\":\"http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/38132\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38223\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38232\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.debian.org/security/2010/dsa-1974\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:020\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-889-1\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0185\",\"source\":\"cret@cert.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=514711\",\"source\":\"cret@cert.org\"},{\"url\":\"http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2010/dsa-1974\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-889-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=514711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of gzip as shipped with Red Hat Enterprise Linux 3, 4, or 5.\",\"lastModified\":\"2010-02-02T00:00:00\"}]}}"
  }
}

ghsa-fx63-8q93-pfr5

Vulnerability from github

Published

2022-05-02 03:37

Modified

2022-05-02 03:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-01-29T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression.",
  "id": "GHSA-fx63-8q93-pfr5",
  "modified": "2022-05-02T03:37:07Z",
  "published": "2022-05-02T03:37:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2624"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
    },
    {
      "type": "WEB",
      "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38132"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38223"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38232"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-1974"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-889-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

opensuse-su-2024:10059-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

gzip-1.8-1.29 on GA media

Notes

Title of the patch

gzip-1.8-1.29 on GA media

Description of the patch

These are all security issues fixed in the gzip-1.8-1.29 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10059

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "gzip-1.8-1.29 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the gzip-1.8-1.29 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10059",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10059-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2009-2624 page",
        "url": "https://www.suse.com/security/cve/CVE-2009-2624/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-0001 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-0001/"
      }
    ],
    "title": "gzip-1.8-1.29 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10059-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gzip-1.8-1.29.aarch64",
                "product": {
                  "name": "gzip-1.8-1.29.aarch64",
                  "product_id": "gzip-1.8-1.29.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gzip-1.8-1.29.ppc64le",
                "product": {
                  "name": "gzip-1.8-1.29.ppc64le",
                  "product_id": "gzip-1.8-1.29.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gzip-1.8-1.29.s390x",
                "product": {
                  "name": "gzip-1.8-1.29.s390x",
                  "product_id": "gzip-1.8-1.29.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gzip-1.8-1.29.x86_64",
                "product": {
                  "name": "gzip-1.8-1.29.x86_64",
                  "product_id": "gzip-1.8-1.29.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gzip-1.8-1.29.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gzip-1.8-1.29.aarch64"
        },
        "product_reference": "gzip-1.8-1.29.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gzip-1.8-1.29.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gzip-1.8-1.29.ppc64le"
        },
        "product_reference": "gzip-1.8-1.29.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gzip-1.8-1.29.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gzip-1.8-1.29.s390x"
        },
        "product_reference": "gzip-1.8-1.29.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gzip-1.8-1.29.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gzip-1.8-1.29.x86_64"
        },
        "product_reference": "gzip-1.8-1.29.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-2624",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2009-2624"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gzip-1.8-1.29.aarch64",
          "openSUSE Tumbleweed:gzip-1.8-1.29.ppc64le",
          "openSUSE Tumbleweed:gzip-1.8-1.29.s390x",
          "openSUSE Tumbleweed:gzip-1.8-1.29.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2009-2624",
          "url": "https://www.suse.com/security/cve/CVE-2009-2624"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 570331 for CVE-2009-2624",
          "url": "https://bugzilla.suse.com/570331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 588113 for CVE-2009-2624",
          "url": "https://bugzilla.suse.com/588113"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gzip-1.8-1.29.aarch64",
            "openSUSE Tumbleweed:gzip-1.8-1.29.ppc64le",
            "openSUSE Tumbleweed:gzip-1.8-1.29.s390x",
            "openSUSE Tumbleweed:gzip-1.8-1.29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2009-2624"
    },
    {
      "cve": "CVE-2010-0001",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-0001"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gzip-1.8-1.29.aarch64",
          "openSUSE Tumbleweed:gzip-1.8-1.29.ppc64le",
          "openSUSE Tumbleweed:gzip-1.8-1.29.s390x",
          "openSUSE Tumbleweed:gzip-1.8-1.29.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-0001",
          "url": "https://www.suse.com/security/cve/CVE-2010-0001"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 570331 for CVE-2010-0001",
          "url": "https://bugzilla.suse.com/570331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 588113 for CVE-2010-0001",
          "url": "https://bugzilla.suse.com/588113"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gzip-1.8-1.29.aarch64",
            "openSUSE Tumbleweed:gzip-1.8-1.29.ppc64le",
            "openSUSE Tumbleweed:gzip-1.8-1.29.s390x",
            "openSUSE Tumbleweed:gzip-1.8-1.29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2010-0001"
    }
  ]
}

CERTA-2010-AVI-028

Vulnerability from certfr_avis

Deux vulnérabilités dans gzip permettent l'exécution de code arbitraire à distance.

Description

Une vulnérabilité dans la décompression des blocs de données Huffman permet l'exécution de code arbitraire à distance ;
une vulnérabilité liée à un débordement d'entier lors de la décompression de données compressées via l'algorithme Lempel-Ziv-Welch (LZW) permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	GNU gzip (voir bulletin de l'éditeur).
Debian	N/A	gzip pour Debian (voir bulletin de l'éditeur) ;
N/A	N/A	gzip pour Mandriva (voir bulletin de l'éditeur) ;
Ubuntu	Ubuntu	gzip pour Ubuntu (voir bulletin de l'éditeur) ;
Red Hat	N/A	gzip pour Red Hat (voir bulletin de l'éditeur) ;

References

Title

Publication Time

Tags

Avis de sécurité Debian DSA-1974-1 du 20 janvier 2010	None	vendor-advisory
Bulletin de sécurité Mandriva MDVSA-2010:020 du 20 janvier 2010 :	-	other
Bulletin de sécurité Debian DSA-1974-1 du 20 janvier 2010 :	-	other
Information de sécurité GNU : 3	-	other
Bulletin de sécurité Ubuntu USN-889-1 du 20 janvier 2010 :	-	other
Bulletin de sécurité Mandriva MDVSA-2010:019 du 20 janvier 2010 :	-	other
Bulletin de sécurité RedHat RHSA-2010:0061 du 20 janvier 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GNU gzip (voir bulletin de l\u0027\u00e9diteur).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Debian (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Mandriva (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Ubuntu (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Red Hat (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n-   Une vuln\u00e9rabilit\u00e9 dans la d\u00e9compression des blocs de donn\u00e9es Huffman\n    permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   une vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 un d\u00e9bordement d\u0027entier lors de la\n    d\u00e9compression de donn\u00e9es compress\u00e9es via l\u0027algorithme\n    Lempel-Ziv-Welch (LZW) permet l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    }
  ],
  "initial_release_date": "2010-01-22T00:00:00",
  "last_revision_date": "2010-01-22T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2010:020 du 20 janvier    2010 :",
      "url": "http://www.mandriva.com/archives/security/advisories?name=MDVSA-2010:020"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1974-1 du 20 janvier 2010 :",
      "url": "http://www.debian.org/security/2010/dsa-1974"
    },
    {
      "title": "Information de s\u00e9curit\u00e9 GNU :      3",
      "url": "http://savannah.gnu.org/forum/forum.php?forum_id=615"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-889-1 du 20 janvier 2010 :",
      "url": "http://www.ubuntulinux.org/usn/usn-889-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2010:019 du 20 janvier    2010 :",
      "url": "http://www.mandriva.com/archives/security/advisories?name=MDVSA-2010:019"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0061 du 20 janvier    2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0061.html"
    }
  ],
  "reference": "CERTA-2010-AVI-028",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans gzip permettent l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans gzip",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Debian DSA-1974-1 du 20 janvier 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-548

Vulnerability from certfr_avis

De nombreuses vulnérabilités ont été découvertes dans le système d'exploitation Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X. Notamment :

AFP Server ;
AppKit ;
ATS ;
CFNetwork ;
CoreGraphics ;
CoreText ;
Directory Services ;
diskdev_cmds ;
Disk Images ;
Image Capture ;
ImageIO ;
Image RAW ;
Kernel ;
Networking ;
Password Server ;
Printing ;
QuickLook ;
QuickTime ;
Safari ;
Time Machine ;
Wiki Server ;
xar.

Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, CUPS, Flash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.

Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server 10.6.0 à 10.6.4.
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X 10.6.0 à 10.6.4 ;
N/A	N/A	Mac OS X Server 10.5.8 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2010-007 du 11 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server 10.6.0 \u00e0 10.6.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.0 \u00e0 10.6.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X. Notamment :\n\n-   AFP Server ;\n-   AppKit ;\n-   ATS ;\n-   CFNetwork ;\n-   CoreGraphics ;\n-   CoreText ;\n-   Directory Services ;\n-   diskdev_cmds ;\n-   Disk Images ;\n-   Image Capture ;\n-   ImageIO ;\n-   Image RAW ;\n-   Kernel ;\n-   Networking ;\n-   Password Server ;\n-   Printing ;\n-   QuickLook ;\n-   QuickTime ;\n-   Safari ;\n-   Time Machine ;\n-   Wiki Server ;\n-   xar.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache, CUPS,\nFlash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.\n\nParmi les failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
    },
    {
      "name": "CVE-2010-2167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
    },
    {
      "name": "CVE-2010-2173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
    },
    {
      "name": "CVE-2010-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3783"
    },
    {
      "name": "CVE-2010-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
    },
    {
      "name": "CVE-2010-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
    },
    {
      "name": "CVE-2009-4134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4134"
    },
    {
      "name": "CVE-2010-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1803"
    },
    {
      "name": "CVE-2010-3788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3788"
    },
    {
      "name": "CVE-2010-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
    },
    {
      "name": "CVE-2010-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1846"
    },
    {
      "name": "CVE-2010-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
    },
    {
      "name": "CVE-2010-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2010-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1834"
    },
    {
      "name": "CVE-2010-2499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2499"
    },
    {
      "name": "CVE-2010-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2519"
    },
    {
      "name": "CVE-2010-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2010-2531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
    },
    {
      "name": "CVE-2010-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
    },
    {
      "name": "CVE-2010-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3784"
    },
    {
      "name": "CVE-2010-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1840"
    },
    {
      "name": "CVE-2010-1845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1845"
    },
    {
      "name": "CVE-2010-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
    },
    {
      "name": "CVE-2010-3654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
    },
    {
      "name": "CVE-2010-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
    },
    {
      "name": "CVE-2010-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1849"
    },
    {
      "name": "CVE-2010-1842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1842"
    },
    {
      "name": "CVE-2010-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
    },
    {
      "name": "CVE-2010-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
    },
    {
      "name": "CVE-2010-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1378"
    },
    {
      "name": "CVE-2010-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2497"
    },
    {
      "name": "CVE-2010-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3798"
    },
    {
      "name": "CVE-2010-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
    },
    {
      "name": "CVE-2009-2474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2474"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
    },
    {
      "name": "CVE-2010-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
    },
    {
      "name": "CVE-2010-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3796"
    },
    {
      "name": "CVE-2010-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1850"
    },
    {
      "name": "CVE-2010-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3795"
    },
    {
      "name": "CVE-2010-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
    },
    {
      "name": "CVE-2010-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
    },
    {
      "name": "CVE-2010-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1831"
    },
    {
      "name": "CVE-2010-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
    },
    {
      "name": "CVE-2010-1450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1450"
    },
    {
      "name": "CVE-2010-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
    },
    {
      "name": "CVE-2010-2165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
    },
    {
      "name": "CVE-2010-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
    },
    {
      "name": "CVE-2010-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1844"
    },
    {
      "name": "CVE-2010-2498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2498"
    },
    {
      "name": "CVE-2010-4010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4010"
    },
    {
      "name": "CVE-2010-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3793"
    },
    {
      "name": "CVE-2010-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
    },
    {
      "name": "CVE-2010-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
    },
    {
      "name": "CVE-2010-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
    },
    {
      "name": "CVE-2010-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1847"
    },
    {
      "name": "CVE-2010-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1841"
    },
    {
      "name": "CVE-2010-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
    },
    {
      "name": "CVE-2010-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
    },
    {
      "name": "CVE-2010-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1828"
    },
    {
      "name": "CVE-2010-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0397"
    },
    {
      "name": "CVE-2010-2520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2520"
    },
    {
      "name": "CVE-2008-4546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
    },
    {
      "name": "CVE-2010-1297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
    },
    {
      "name": "CVE-2010-2941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2941"
    },
    {
      "name": "CVE-2010-2187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
    },
    {
      "name": "CVE-2010-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
    },
    {
      "name": "CVE-2010-2884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"
    },
    {
      "name": "CVE-2010-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
    },
    {
      "name": "CVE-2010-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1836"
    },
    {
      "name": "CVE-2010-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3794"
    },
    {
      "name": "CVE-2010-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-2215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
    },
    {
      "name": "CVE-2010-3787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3787"
    },
    {
      "name": "CVE-2010-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1832"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2010-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
    },
    {
      "name": "CVE-2009-2473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2473"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-3789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3789"
    },
    {
      "name": "CVE-2010-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1829"
    },
    {
      "name": "CVE-2010-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
    },
    {
      "name": "CVE-2010-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1848"
    },
    {
      "name": "CVE-2010-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
    },
    {
      "name": "CVE-2010-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
    },
    {
      "name": "CVE-2010-3791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3791"
    },
    {
      "name": "CVE-2010-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1449"
    },
    {
      "name": "CVE-2010-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
    },
    {
      "name": "CVE-2010-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3797"
    },
    {
      "name": "CVE-2010-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1830"
    },
    {
      "name": "CVE-2010-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
    },
    {
      "name": "CVE-2010-2189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
    },
    {
      "name": "CVE-2010-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3792"
    },
    {
      "name": "CVE-2010-2216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
    },
    {
      "name": "CVE-2010-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
    },
    {
      "name": "CVE-2010-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
    },
    {
      "name": "CVE-2010-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1837"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2009-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
    },
    {
      "name": "CVE-2010-2188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
    },
    {
      "name": "CVE-2010-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
    },
    {
      "name": "CVE-2010-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1833"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-2500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2500"
    },
    {
      "name": "CVE-2010-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
    },
    {
      "name": "CVE-2009-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0796"
    },
    {
      "name": "CVE-2010-2186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
    },
    {
      "name": "CVE-2010-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1838"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3785"
    },
    {
      "name": "CVE-2010-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
    },
    {
      "name": "CVE-2010-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0105"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    },
    {
      "name": "CVE-2010-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
    }
  ],
  "initial_release_date": "2010-11-12T00:00:00",
  "last_revision_date": "2010-11-12T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-548",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation \u003cspan class=\"textit\"\u003eMac OS X\u003c/span\u003e. Leur exploitation\npermet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2010-007 du 11 novembre 2010",
      "url": "http://support.apple.com/kb/HT4435"
    }
  ]
}

fkie_cve-2009-2624

Vulnerability from fkie_nvd

Published

2010-01-29 18:30

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258
cret@cert.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263
cret@cert.org	http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
cret@cert.org	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
cret@cert.org	http://secunia.com/advisories/38132	Vendor Advisory
cret@cert.org	http://secunia.com/advisories/38223	Vendor Advisory
cret@cert.org	http://secunia.com/advisories/38232	Vendor Advisory
cret@cert.org	http://support.apple.com/kb/HT4435
cret@cert.org	http://www.debian.org/security/2010/dsa-1974
cret@cert.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
cret@cert.org	http://www.ubuntu.com/usn/USN-889-1
cret@cert.org	http://www.vupen.com/english/advisories/2010/0185
cret@cert.org	https://bugzilla.redhat.com/show_bug.cgi?id=514711
af854a3a-2127-422b-91ae-364da2661108	http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263
af854a3a-2127-422b-91ae-364da2661108	http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38132	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38223	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38232	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4435
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-1974
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-889-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0185
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=514711

Impacted products

Vendor	Product	Version
gnu	gzip	*
gnu	gzip	1.2.4
gnu	gzip	1.2.4a
gnu	gzip	1.3
gnu	gzip	1.3.1
gnu	gzip	1.3.2
gnu	gzip	1.3.3
gnu	gzip	1.3.4
gnu	gzip	1.3.5
gnu	gzip	1.3.6
gnu	gzip	1.3.7
gnu	gzip	1.3.8
gnu	gzip	1.3.9
gnu	gzip	1.3.10
gnu	gzip	1.3.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0782AAD8-CEA7-47E9-A8F2-175FC0B880C3",
              "versionEndIncluding": "1.3.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D50385A-1D5D-4517-B5FA-1BB60BA4C484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "752BDD31-53A2-4246-8E95-77694548DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCFD9CEE-AAB0-443E-A5C7-6805AFCCF6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7830E23E-C3B2-40D1-A82B-8862F82AA996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F71B1D-B822-4C4F-9009-8D8E1B9707FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "079F39E2-69BF-47AC-87CF-A47D37EA27F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B19DCC-2441-453F-8CFE-93A2FD37446C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E92ACD5A-D7D3-4DBA-A7AA-BBCA2E20BA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "614F29C6-AEB8-4274-B0F4-865DF32CCBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D3F910-090A-43AA-8639-443DFF230958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28E3EC1-6788-459A-A4F9-0969C007131C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8563855-787C-488E-B241-1F32AD783E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD2768C-CD7E-4B2E-8919-8319D84A71DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gzip:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56B3BD-EDB2-4BE1-821F-2F84548FBF9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n huft_build en inflate.c en gzip anterior a v1.3.13 crea una tabla hufts (tambi\u00e9n conocido como huffman) demasiado peque\u00f1a, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n o buble infinito), o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo manipulado. NOTA: esta vulnerabilidad est\u00e1 provocada por una regresi\u00f3n del CVE-2006-4334."
    }
  ],
  "id": "CVE-2009-2624",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-01-29T18:30:00.793",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
    },
    {
      "source": "cret@cert.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
    },
    {
      "source": "cret@cert.org",
      "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38132"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38223"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38232"
    },
    {
      "source": "cret@cert.org",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.debian.org/security/2010/dsa-1974"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.ubuntu.com/usn/USN-889-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2010/0185"
    },
    {
      "source": "cret@cert.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-889-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of gzip as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
      "lastModified": "2010-02-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2009-2624

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2624

Aliases

CVE-2009-2624

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2624",
    "description": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression.",
    "id": "GSD-2009-2624",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2624.html",
      "https://www.debian.org/security/2010/dsa-1974"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2624"
      ],
      "details": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression.",
      "id": "GSD-2009-2624",
      "modified": "2023-12-13T01:19:46.484406Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2009-2624",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT4435",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "name": "ADV-2010-0185",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0185"
          },
          {
            "name": "USN-889-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-889-1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514711",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
          },
          {
            "name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]",
            "refsource": "MLIST",
            "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
          },
          {
            "name": "APPLE-SA-2010-11-10-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
          },
          {
            "name": "DSA-1974",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-1974"
          },
          {
            "name": "MDVSA-2010:020",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
          },
          {
            "name": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2",
            "refsource": "CONFIRM",
            "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
          },
          {
            "name": "38223",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38223"
          },
          {
            "name": "38132",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38132"
          },
          {
            "name": "SUSE-SA:2010:008",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
          },
          {
            "name": "38232",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38232"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2009-2624"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2010:008",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "38132",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38132"
            },
            {
              "name": "USN-889-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-889-1"
            },
            {
              "name": "ADV-2010-0185",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0185"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"
            },
            {
              "name": "38223",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38223"
            },
            {
              "name": "38232",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38232"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514711",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"
            },
            {
              "name": "MDVSA-2010:020",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"
            },
            {
              "name": "DSA-1974",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-1974"
            },
            {
              "name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"
            },
            {
              "name": "http://support.apple.com/kb/HT4435",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4435"
            },
            {
              "name": "APPLE-SA-2010-11-10-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2010-11-18T06:29Z",
      "publishedDate": "2010-01-29T18:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-2624 (GCVE-0-2009-2624)

Vulnerability from cvelistv5

ghsa-fx63-8q93-pfr5

Vulnerability from github

opensuse-su-2024:10059-1

Vulnerability from csaf_opensuse

CERTA-2010-AVI-028

Vulnerability from certfr_avis

Description

Solution

CERTA-2010-AVI-548

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2009-2624

Vulnerability from fkie_nvd

gsd-2009-2624

Vulnerability from gsd

Tags

Sightings

Nomenclature