{"api_version":"1","generated_at":"2026-04-22T23:29:24+00:00","cve":"CVE-2010-0001","urls":{"html":"https://cve.report/CVE-2010-0001","api":"https://cve.report/api/cve/CVE-2010-0001.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-0001","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-0001"},"summary":{"title":"CVE-2010-0001","description":"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2010-01-29 18:30:00","updated_at":"2023-02-13 02:20:00"},"problem_types":["CWE-189"],"metrics":[],"references":[{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:020","name":"MDVSA-2010:020","refsource":"MANDRIVA","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38220","name":"38220","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"GNU gzip \"unlzw()\" Integer Underflow Vulnerability - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:152","name":"MDVSA-2011:152","refsource":"MANDRIVA","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2011:152 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2010/dsa-2074","name":"DSA-2074","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-2074-1 ncompress","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083","name":"SSRT100018","refsource":"HP","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/38225","name":"38225","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for gzip - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1023490","name":"1023490","refsource":"SECTRACK","tags":[],"title":"Gzip Integer Underflow in Processing LZW Compressed Archives May Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2010-0001","name":"https://access.redhat.com/security/cve/CVE-2010-0001","refsource":"MISC","tags":[],"title":"access.redhat.com | CVE-2010-0001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html","name":"APPLE-SA-2010-11-10-1","refsource":"APPLE","tags":[],"title":"APPLE-SA-2010-11-10-1 Mac OS X v10.6.5 and Security Update 2010-007","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/40689","name":"40689","refsource":"SECUNIA","tags":[],"title":"Debian update for ncompress - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2010:0061","name":"https://access.redhat.com/errata/RHSA-2010:0061","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/1872","name":"ADV-2010-1872","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2010/dsa-1974","name":"DSA-1974","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1974-1 gzip","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38232","name":"38232","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for gzip - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f","name":"http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f","refsource":"CONFIRM","tags":[],"title":"gzip.git - Unnamed repository; edit this file 'description' to name the repository.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2010-0061.html","name":"RHSA-2010:0061","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/40551","name":"40551","refsource":"SECUNIA","tags":[],"title":"HP Insight Control Suite For Linux Multiple Vulnerabilities - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=554418","name":"https://bugzilla.redhat.com/show_bug.cgi?id=554418","refsource":"CONFIRM","tags":[],"title":"554418 – (CVE-2010-0001) CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-889-1","name":"USN-889-1","refsource":"UBUNTU","tags":[],"title":"USN-889-1: gzip vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0095.html","name":"RHSA-2010:0095","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html","name":"SUSE-SA:2010:008","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Announcement: acoread (SUSE-SA:2010:00","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/61869","name":"61869","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/38223","name":"38223","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Debian update for gzip - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://savannah.gnu.org/forum/forum.php?forum_id=6153","name":"http://savannah.gnu.org/forum/forum.php?forum_id=6153","refsource":"CONFIRM","tags":[],"title":"GNU gzip - News: gzip-1.4 released [stable/security]   [Savannah]","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/1796","name":"ADV-2010-1796","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0185","name":"ADV-2010-0185","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/40655","name":"40655","refsource":"SECUNIA","tags":[],"title":"Security Alerts - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://ncompress.sourceforge.net/#status","name":"http://ncompress.sourceforge.net/#status","refsource":"CONFIRM","tags":[],"title":"ncompress: a public domain project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511","name":"oval:org.mitre.oval:def:7511","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","refsource":"CONFIRM","tags":[],"title":"Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546","name":"oval:org.mitre.oval:def:10546","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT4435","name":"http://support.apple.com/kb/HT4435","refsource":"CONFIRM","tags":[],"title":"About the security content of Mac OS X v10.6.5 and Security Update 2010-007","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:019","name":"MDVSA-2010:019","refsource":"MANDRIVA","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-0001","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0001","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.2.4a","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.2.4a","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"1.3.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1","vulnerable":"1","versionEndIncluding":"1.3.13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"gzip","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2010-0001","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"https://rhn.redhat.com/errata/RHSA-2010-0095.html","refsource":"MISC","name":"https://rhn.redhat.com/errata/RHSA-2010-0095.html"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","refsource":"MISC","name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"},{"url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html","refsource":"MISC","name":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"},{"url":"http://support.apple.com/kb/HT4435","refsource":"MISC","name":"http://support.apple.com/kb/HT4435"},{"url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083","refsource":"MISC","name":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"},{"url":"http://secunia.com/advisories/40551","refsource":"MISC","name":"http://secunia.com/advisories/40551"},{"url":"http://www.vupen.com/english/advisories/2010/1796","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2010/1796"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"},{"url":"http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f","refsource":"MISC","name":"http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f"},{"url":"http://ncompress.sourceforge.net/#status","refsource":"MISC","name":"http://ncompress.sourceforge.net/#status"},{"url":"http://savannah.gnu.org/forum/forum.php?forum_id=6153","refsource":"MISC","name":"http://savannah.gnu.org/forum/forum.php?forum_id=6153"},{"url":"http://secunia.com/advisories/38220","refsource":"MISC","name":"http://secunia.com/advisories/38220"},{"url":"http://secunia.com/advisories/38223","refsource":"MISC","name":"http://secunia.com/advisories/38223"},{"url":"http://secunia.com/advisories/38225","refsource":"MISC","name":"http://secunia.com/advisories/38225"},{"url":"http://secunia.com/advisories/38232","refsource":"MISC","name":"http://secunia.com/advisories/38232"},{"url":"http://secunia.com/advisories/40655","refsource":"MISC","name":"http://secunia.com/advisories/40655"},{"url":"http://secunia.com/advisories/40689","refsource":"MISC","name":"http://secunia.com/advisories/40689"},{"url":"http://securitytracker.com/id?1023490","refsource":"MISC","name":"http://securitytracker.com/id?1023490"},{"url":"http://www.debian.org/security/2010/dsa-1974","refsource":"MISC","name":"http://www.debian.org/security/2010/dsa-1974"},{"url":"http://www.debian.org/security/2010/dsa-2074","refsource":"MISC","name":"http://www.debian.org/security/2010/dsa-2074"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:019","refsource":"MISC","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:019"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:020","refsource":"MISC","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:152","refsource":"MISC","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:152"},{"url":"http://www.osvdb.org/61869","refsource":"MISC","name":"http://www.osvdb.org/61869"},{"url":"http://www.redhat.com/support/errata/RHSA-2010-0061.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2010-0061.html"},{"url":"http://www.ubuntu.com/usn/USN-889-1","refsource":"MISC","name":"http://www.ubuntu.com/usn/USN-889-1"},{"url":"http://www.vupen.com/english/advisories/2010/0185","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2010/0185"},{"url":"http://www.vupen.com/english/advisories/2010/1872","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2010/1872"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=554418","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=554418"}]}},"nvd":{"publishedDate":"2010-01-29 18:30:00","lastModifiedDate":"2023-02-13 02:20:00","problem_types":["CWE-189"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.12:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.11:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.9:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:gzip:1.3.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"1","Ordinal":"41545","Title":"CVE-2010-0001","CVE":"CVE-2010-0001","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"1","Ordinal":"1","NoteData":"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.","Type":"Description","Title":null},{"CveYear":"2010","CveId":"1","Ordinal":"2","NoteData":"2010-01-29","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"1","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}