Summary
Detail | |||
---|---|---|---|
Vendor | Gnu | First view | 2010-01-29 |
Product | Gzip | Last view | 2010-01-29 |
Version | 1.3.6 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:gnu:gzip |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.8 | 2010-01-29 | CVE-2010-0001 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |
6.8 | 2010-01-29 | CVE-2009-2624 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-189 | Numeric Errors |
50% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
61875 | GNU gzip inflate.c huft_build() Function Infinite Loop DoS |
61869 | GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow |
OpenVAS Exploits
id | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-10-21 | Name : Mandriva Update for ncompress MDVSA-2011:152 (ncompress) File : nvt/gb_mandriva_MDVSA_2011_152.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for gzip CESA-2010:0061 centos5 i386 File : nvt/gb_CESA-2010_0061_gzip_centos5_i386.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2074-1 (ncompress) File : nvt/deb_2074_1.nasl |
2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0884 File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl |
2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0964 File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl |
2010-02-04 | Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux) File : nvt/gb_gzip_inflate_dos_vuln_lin.nasl |
2010-02-04 | Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win) File : nvt/gb_gzip_inflate_dos_vuln_win.nasl |
2010-02-01 | Name : Debian Security Advisory DSA 1974-1 (gzip) File : nvt/deb_1974_1.nasl |
2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
2010-01-25 | Name : RedHat Update for gzip RHSA-2010:0061-02 File : nvt/gb_RHSA-2010_0061-02_gzip.nasl |
2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 i386 File : nvt/gb_CESA-2010_0061_gzip_centos3_i386.nasl |
2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 x86_64 File : nvt/gb_CESA-2010_0061_gzip_centos3_x86_64.nasl |
2010-01-22 | Name : Mandriva Update for gzip MDVSA-2010:020 (gzip) File : nvt/gb_mandriva_MDVSA_2010_020.nasl |
2010-01-22 | Name : Ubuntu Update for gzip vulnerabilities USN-889-1 File : nvt/gb_ubuntu_USN_889_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2016-03-08 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_gzip_20141107.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20100120_gzip_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2011-10-18 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-152.nasl - Type: ACT_GATHER_INFO |
2010-11-10 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_6_5.nasl - Type: ACT_GATHER_INFO |
2010-11-10 | Name: The remote host is missing a Mac OS X update that fixes security issues. File: macosx_SecUpd2010-007.nasl - Type: ACT_GATHER_INFO |
2010-10-11 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_gzip-6793.nasl - Type: ACT_GATHER_INFO |
2010-07-22 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2074.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0884.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0964.nasl - Type: ACT_GATHER_INFO |
2010-06-01 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO |
2010-03-02 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2010-060-03.nasl - Type: ACT_GATHER_INFO |
2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1974.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_gzip-6792.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12573.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-889-1.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2010-020.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO |