Executive Summary

Informations
Name CVE-2009-2624 First vendor Publication 2010-01-29
Vendor Cve Last vendor Modification 2010-11-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2624

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 16

OpenVAS Exploits

Date Description
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2010-03-02 Name : Fedora Update for gzip FEDORA-2010-0884
File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl
2010-03-02 Name : Fedora Update for gzip FEDORA-2010-0964
File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl
2010-02-04 Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux)
File : nvt/gb_gzip_inflate_dos_vuln_lin.nasl
2010-02-04 Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win)
File : nvt/gb_gzip_inflate_dos_vuln_win.nasl
2010-02-01 Name : Debian Security Advisory DSA 1974-1 (gzip)
File : nvt/deb_1974_1.nasl
2010-01-29 Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-22 Name : Mandriva Update for gzip MDVSA-2010:020 (gzip)
File : nvt/gb_mandriva_MDVSA_2010_020.nasl
2010-01-22 Name : Ubuntu Update for gzip vulnerabilities USN-889-1
File : nvt/gb_ubuntu_USN_889_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61875 GNU gzip inflate.c huft_build() Function Infinite Loop DoS

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_gzip_20141107.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0884.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0964.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1974.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_gzip-100120.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_gzip-100120.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_gzip-100120.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_gzip-100120.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2010-020.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-889-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263
http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba...
http://support.apple.com/kb/HT4435
https://bugzilla.redhat.com/show_bug.cgi?id=514711
DEBIAN http://www.debian.org/security/2010/dsa-1974
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
MLIST http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258
SECUNIA http://secunia.com/advisories/38132
http://secunia.com/advisories/38223
http://secunia.com/advisories/38232
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
UBUNTU http://www.ubuntu.com/usn/USN-889-1
VUPEN http://www.vupen.com/english/advisories/2010/0185

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2020-05-23 01:40:40
  • Multiple Updates
2020-05-23 00:24:05
  • Multiple Updates
2016-04-26 19:00:09
  • Multiple Updates
2015-01-21 13:24:40
  • Multiple Updates
2014-12-16 13:24:30
  • Multiple Updates
2014-02-17 10:50:57
  • Multiple Updates
2013-05-10 23:54:39
  • Multiple Updates