CVE-2002-0059
Summary
| CVE | CVE-2002-0059 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-03-15 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-415 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 7.5 | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www1.itrc.hp.com/service/cki/docDisplay.do | af854a3a-2127-422b-91ae-364da2661108 | www1.itrc.hp.com | Broken Link |
| www1.itrc.hp.com/service/cki/docDisplay.do | af854a3a-2127-422b-91ae-364da2661108 | www1.itrc.hp.com | Broken Link |
| redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Broken Link, Patch, Vendor Advisory |
| redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Broken Link, Patch, Vendor Advisory |
| CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library | af854a3a-2127-422b-91ae-364da2661108 | www.cert.org | Third Party Advisory, US Government Resource |
| Debian -- Security Information -- DSA-122-1 zlib | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Broken Link |
| www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php | af854a3a-2127-422b-91ae-364da2661108 | www.linux-mandrake.com | Broken Link, Patch, Vendor Advisory |
| CERT/CC Vulnerability Note VU#368819 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| 404 \| Caldera | af854a3a-2127-422b-91ae-364da2661108 | www.caldera.com | Broken Link |
| www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 | af854a3a-2127-422b-91ae-364da2661108 | www.linux-mandrake.com | Broken Link |
| Advisories - Mandriva Linux | af854a3a-2127-422b-91ae-364da2661108 | frontal2.mandriva.com | Broken Link |
| www1.itrc.hp.com/service/cki/docDisplay.do | af854a3a-2127-422b-91ae-364da2661108 | www1.itrc.hp.com | Broken Link |
| ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt | af854a3a-2127-422b-91ae-364da2661108 | ftp.caldera.com | Broken Link |
| ZLib Compression Library Heap Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| Home - Conectiva | af854a3a-2127-422b-91ae-364da2661108 | distro.conectiva.com.br | Broken Link |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 20389 IBM DB2 Multiple Vulnerabilities (7087162)