This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gnu | First view | 2010-01-29 |
| Product | Gzip | Last view | 2010-01-29 |
| Version | 1.3.6 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gnu:gzip | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.8 | 2010-01-29 | CVE-2010-0001 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |
| 6.8 | 2010-01-29 | CVE-2009-2624 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-189 | Numeric Errors |
| 50% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 61875 | GNU gzip inflate.c huft_build() Function Infinite Loop DoS |
| 61869 | GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
| 2011-10-21 | Name : Mandriva Update for ncompress MDVSA-2011:152 (ncompress) File : nvt/gb_mandriva_MDVSA_2011_152.nasl |
| 2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
| 2011-08-09 | Name : CentOS Update for gzip CESA-2010:0061 centos5 i386 File : nvt/gb_CESA-2010_0061_gzip_centos5_i386.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2074-1 (ncompress) File : nvt/deb_2074_1.nasl |
| 2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0884 File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0964 File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl |
| 2010-02-04 | Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux) File : nvt/gb_gzip_inflate_dos_vuln_lin.nasl |
| 2010-02-04 | Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win) File : nvt/gb_gzip_inflate_dos_vuln_win.nasl |
| 2010-02-01 | Name : Debian Security Advisory DSA 1974-1 (gzip) File : nvt/deb_1974_1.nasl |
| 2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
| 2010-01-25 | Name : RedHat Update for gzip RHSA-2010:0061-02 File : nvt/gb_RHSA-2010_0061-02_gzip.nasl |
| 2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 i386 File : nvt/gb_CESA-2010_0061_gzip_centos3_i386.nasl |
| 2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 x86_64 File : nvt/gb_CESA-2010_0061_gzip_centos3_x86_64.nasl |
| 2010-01-22 | Name : Mandriva Update for gzip MDVSA-2010:020 (gzip) File : nvt/gb_mandriva_MDVSA_2010_020.nasl |
| 2010-01-22 | Name : Ubuntu Update for gzip vulnerabilities USN-889-1 File : nvt/gb_ubuntu_USN_889_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-08 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_gzip_20141107.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20100120_gzip_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
| 2011-10-18 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-152.nasl - Type: ACT_GATHER_INFO |
| 2010-11-10 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_6_5.nasl - Type: ACT_GATHER_INFO |
| 2010-11-10 | Name: The remote host is missing a Mac OS X update that fixes security issues. File: macosx_SecUpd2010-007.nasl - Type: ACT_GATHER_INFO |
| 2010-10-11 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_gzip-6793.nasl - Type: ACT_GATHER_INFO |
| 2010-07-22 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2074.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0884.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0964.nasl - Type: ACT_GATHER_INFO |
| 2010-06-01 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO |
| 2010-03-02 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2010-060-03.nasl - Type: ACT_GATHER_INFO |
| 2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1974.nasl - Type: ACT_GATHER_INFO |
| 2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_gzip-100120.nasl - Type: ACT_GATHER_INFO |
| 2010-01-26 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_gzip-6792.nasl - Type: ACT_GATHER_INFO |
| 2010-01-26 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_gzip-100120.nasl - Type: ACT_GATHER_INFO |
| 2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_gzip-100120.nasl - Type: ACT_GATHER_INFO |
| 2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_gzip-100120.nasl - Type: ACT_GATHER_INFO |
| 2010-01-26 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12573.nasl - Type: ACT_GATHER_INFO |
| 2010-01-21 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-889-1.nasl - Type: ACT_GATHER_INFO |
| 2010-01-21 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
| 2010-01-21 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2010-020.nasl - Type: ACT_GATHER_INFO |
| 2010-01-21 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
