CVE-2002-0059: Double Free
First published: Fri Mar 15 2002(Updated: )
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| zlib | <=1.1.3 | |
| zlib | =1.1.1 | |
| zlib | =1.0.1 | |
| zlib | =1.0 | |
| zlib | =1.0.5 | |
| zlib | =1.0.3 | |
| zlib | =1.1 | |
| zlib | =1.0.2 | |
| zlib | =1.0.6 | |
| zlib | =1.0.4 | |
| zlib | =1.0.7 | |
| zlib | =1.1.2 | |
| zlib | =1.0.8 | |
| zlib | =1.1.3 | |
| zlib | =1.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
- http://www.redhat.com/support/errata/RHSA-2002-027.html
- http://www.cert.org/advisories/CA-2002-07.html
- http://www.kb.cert.org/vuls/id/368819
- http://www.debian.org/security/2002/dsa-122
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.securityfocus.com/bid/4267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Frequently Asked Questions
What is the severity of CVE-2002-0059?
CVE-2002-0059 is classified as a critical vulnerability due to the potential for remote code execution.
How do I fix CVE-2002-0059?
To fix CVE-2002-0059, upgrade to zlib version 1.1.4 or later.
What does CVE-2002-0059 affect?
CVE-2002-0059 affects zlib versions 1.1.3 and earlier.
Can CVE-2002-0059 be exploited remotely?
Yes, CVE-2002-0059 can be exploited by attackers remotely through malformed compression data.
What are the consequences of CVE-2002-0059?
The consequences of CVE-2002-0059 include the potential for arbitrary code execution leading to system compromise.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/zlib
- canonical/zlib
- version/zlib/1.1.3
- version/zlib/1.1.1
- version/zlib/1.0.1
- version/zlib/1.0
- version/zlib/1.0.5
- version/zlib/1.0.3
- version/zlib/1.1
- version/zlib/1.0.2
- version/zlib/1.0.6
- version/zlib/1.0.4
- version/zlib/1.0.7
- version/zlib/1.1.2
- version/zlib/1.0.8
- version/zlib/1.0.9