Lucene search

K

[email protected]NVD:CVE-2010-0001

HistoryJan 29, 2010 - 6:30 p.m.

CVE-2010-0001

2010-01-2918:30:00

CWE-189

[email protected]

web.nvd.nist.gov

6

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.061

Percentile

93.6%

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

Affected configurations

Nvd

Node

gnugzipRange≤1.3.13

OR

gnugzipMatch1.2.4

OR

gnugzipMatch1.2.4a

OR

gnugzipMatch1.3

OR

gnugzipMatch1.3.1

OR

gnugzipMatch1.3.2

OR

gnugzipMatch1.3.3

OR

gnugzipMatch1.3.4

OR

gnugzipMatch1.3.5

OR

gnugzipMatch1.3.6

OR

gnugzipMatch1.3.7

OR

gnugzipMatch1.3.8

OR

gnugzipMatch1.3.9

OR

gnugzipMatch1.3.10

OR

gnugzipMatch1.3.11

OR

gnugzipMatch1.3.12

References

git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f

itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

ncompress.sourceforge.net/#status

savannah.gnu.org/forum/forum.php?forum_id=6153

secunia.com/advisories/38220

secunia.com/advisories/38223

secunia.com/advisories/38225

secunia.com/advisories/38232

secunia.com/advisories/40551

secunia.com/advisories/40655

secunia.com/advisories/40689

securitytracker.com/id?1023490

support.apple.com/kb/HT4435

www.debian.org/security/2010/dsa-1974

www.debian.org/security/2010/dsa-2074

www.mandriva.com/security/advisories?name=MDVSA-2010:019

www.mandriva.com/security/advisories?name=MDVSA-2010:020

www.mandriva.com/security/advisories?name=MDVSA-2011:152

www.osvdb.org/61869

www.redhat.com/support/errata/RHSA-2010-0061.html

www.ubuntu.com/usn/USN-889-1

www.vupen.com/english/advisories/2010/0185

www.vupen.com/english/advisories/2010/1796

www.vupen.com/english/advisories/2010/1872

bugzilla.redhat.com/show_bug.cgi?id=554418

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511

rhn.redhat.com/errata/RHSA-2010-0095.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.061

Percentile

93.6%

Related for NVD:CVE-2010-0001

debiancve1 slackware1 openvas31 redhat2 nessus24 securityvulns5 cvelist1 ubuntucve1 oraclelinux1 prion1 altlinux2 veracode1 debian3 centos1 cve1 ibm1 fedora2 ubuntu1 osv1 suse1 gentoo1 vmware2 kitploit1