Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-2624
HistoryJan 29, 2010 - 6:30 p.m.

CVE-2009-2624

2010-01-2918:30:00
CWE-20
[email protected]
web.nvd.nist.gov
60
huft_build
gzip
denial of service
application crash
infinite loop
arbitrary code
crafted archive
cve-2009-2624

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.155

Percentile

95.9%

JSON

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

Affected configurations

NVD
Node
gnugzipRange≀1.3.12
OR
gnugzipMatch1.2.4
OR
gnugzipMatch1.2.4a
OR
gnugzipMatch1.3
OR
gnugzipMatch1.3.1
OR
gnugzipMatch1.3.2
OR
gnugzipMatch1.3.3
OR
gnugzipMatch1.3.4
OR
gnugzipMatch1.3.5
OR
gnugzipMatch1.3.6
OR
gnugzipMatch1.3.7
OR
gnugzipMatch1.3.8
OR
gnugzipMatch1.3.9
OR
gnugzipMatch1.3.10
OR
gnugzipMatch1.3.11
VendorProductVersionCPE
gnugzipcpe:/a:gnu:gzip::::
gnugzip1.3.8cpe:/a:gnu:gzip:1.3.8:::
gnugzip1.3.4cpe:/a:gnu:gzip:1.3.4:::
gnugzip1.3.6cpe:/a:gnu:gzip:1.3.6:::
gnugzip1.3.3cpe:/a:gnu:gzip:1.3.3:::
gnugzip1.2.4acpe:/a:gnu:gzip:1.2.4a:::
gnugzip1.3.11cpe:/a:gnu:gzip:1.3.11:::
gnugzip1.3.1cpe:/a:gnu:gzip:1.3.1:::
gnugzip1.3.9cpe:/a:gnu:gzip:1.3.9:::
gnugzip1.3cpe:/a:gnu:gzip:1.3:::
Rows per page:
1-10 of 151

Related

nessus 28
prion 1
cvelist 2
debiancve 2
nvd 2
ubuntucve 2
osv 2
openvas 37
debian 2
fedora 2
ubuntu 2
veracode 1
cve 1
cert 1
oraclelinux 1
gentoo 2
centos 2
securityvulns 4
freebsd 1
redhat 1
suse 2
freebsd_advisory 1
slackware 1
seebug 1
nessus
nessus
Oracle Solaris Third-Party Patch Update : gzip (cve_2009_2624_denial_of)
2015-01-19 00:00:00
Debian DSA-1974-1 : gzip - several vulnerabilities
2010-02-24 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : gzip vulnerabilities (USN-889-1)
2010-01-21 00:00:00
prion
prion
Design/Logic Flaw
2010-01-29 18:30:00
cvelist
cvelist
CVE-2009-2624
2010-01-29 18:00:00
CVE-2006-4334
2006-09-19 21:00:00
debiancve
debiancve
CVE-2009-2624
2010-01-29 18:30:00
CVE-2006-4334
2006-09-19 21:07:00
nvd
nvd
CVE-2009-2624
2010-01-29 18:30:00
CVE-2006-4334
2006-09-19 21:07:00
ubuntucve
ubuntucve
CVE-2009-2624
2010-01-20 00:00:00
CVE-2006-4334
2006-09-19 00:00:00
osv
osv
gzip - arbitrary code execution
2010-01-20 00:00:00
gzip
2006-09-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1974-1)
2010-02-01 00:00:00
Debian Security Advisory DSA 1974-1 (gzip)
2010-02-01 00:00:00
GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux)
2010-02-04 00:00:00
debian
debian
[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution
2010-01-20 14:16:48
[SECURITY] [DSA 1181-1] New gzip packages fix arbitrary code execution
2006-09-19 19:19:34
fedora
fedora
[SECURITY] Fedora 11 Update: gzip-1.3.12-10.fc11
2010-02-01 01:04:06
[SECURITY] Fedora 12 Update: gzip-1.3.12-14.fc12
2010-02-01 01:03:15
ubuntu
ubuntu
gzip vulnerabilities
2010-01-20 00:00:00
gzip vulnerabilities
2006-09-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:00
cve
cve
CVE-2006-4334
2006-09-19 21:07:00
cert
cert
gzip NULL dereference in huft_build()
2006-09-19 00:00:00
oraclelinux
oraclelinux
Moderate gzip security update
2006-11-30 00:00:00
gentoo
gentoo
gzip: Multiple vulnerabilities
2006-09-23 00:00:00
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00
centos
centos
gzip security update
2006-09-19 23:19:38
gzip security update
2006-09-19 14:54:11
securityvulns
securityvulns
[security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
2007-03-07 00:00:00
Multiple gzip security vulnerabilities
2007-03-07 00:00:00
FreeBSD Security Advisory FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
freebsd
freebsd
gzip -- multiple vulnerabilities
2006-09-19 00:00:00
redhat
redhat
(RHSA-2006:0667) gzip security update
2006-09-19 00:00:00
suse
suse
remote system compromise in gzip
2006-09-26 13:43:14
remote code execution in acroread
2010-01-26 16:40:23
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
slackware
slackware
[slackware-security] gzip
2006-09-19 21:15:29
seebug
seebug
Apple Mac OS X 2006-007ć­˜ćœšć€šäžȘćź‰ć…šæŒæŽž
2006-11-29 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.155

Percentile

95.9%

JSON
Related for CVE-2009-2624
nessus28prion1cvelist2debiancve2nvd2ubuntucve2osv2openvas37debian2fedora2ubuntu2veracode1cve1cert1oraclelinux1gentoo2centos2securityvulns4freebsd1redhat1suse2freebsd_advisory1slackware1seebug1