What is the severity of CVE-2010-0001?

CVE-2010-0001 is considered a medium severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2010-0001?

To fix CVE-2010-0001, update gzip to version 1.3.14 or later, which addresses the integer underflow issue.

Which versions of gzip are affected by CVE-2010-0001?

The affected versions of gzip include all versions prior to 1.3.14, specifically versions 1.2.4 through 1.3.13.

What type of vulnerability is CVE-2010-0001?

CVE-2010-0001 is an integer underflow vulnerability that leads to array index errors during file decompression.

Can CVE-2010-0001 be exploited remotely?

Yes, CVE-2010-0001 can be exploited remotely if a user decompresses a specially-crafted LZW compressed gzip archive.

Vulnerability/
CVE-2010-0001

medium

6.8

CWE

189

11/1/2010

29/1/2010

7/8/2024

CVE-2010-0001

First published: Mon Jan 11 2010(Updated: )

An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel–Ziv–Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. Upstream patch: --------------- <a href="http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f">http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f</a> Acknowledgements: Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
gzip	<=1.3.13
gzip	=1.3.12
gzip	=1.3.1
gzip	=1.3.8
gzip	=1.3
gzip	=1.3.3
gzip	=1.3.11
gzip	=1.3.6
gzip	=1.3.2
gzip	=1.2.4
gzip	=1.3.10
gzip	=1.3.5
gzip	=1.3.7
gzip	=1.2.4a
gzip	=1.3.9
gzip	=1.3.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0001?
CVE-2010-0001 is considered a medium severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2010-0001?
To fix CVE-2010-0001, update gzip to version 1.3.14 or later, which addresses the integer underflow issue.
Which versions of gzip are affected by CVE-2010-0001?
The affected versions of gzip include all versions prior to 1.3.14, specifically versions 1.2.4 through 1.3.13.
What type of vulnerability is CVE-2010-0001?
CVE-2010-0001 is an integer underflow vulnerability that leads to array index errors during file decompression.
Can CVE-2010-0001 be exploited remotely?
Yes, CVE-2010-0001 can be exploited remotely if a user decompresses a specially-crafted LZW compressed gzip archive.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-0001
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/gnu
canonical/gnu gzip
version/gnu gzip/1.3.13
version/gnu gzip/1.2.4
version/gnu gzip/1.2.4a
version/gnu gzip/1.3
version/gnu gzip/1.3.1
version/gnu gzip/1.3.2
version/gnu gzip/1.3.3
version/gnu gzip/1.3.4
version/gnu gzip/1.3.5
version/gnu gzip/1.3.6
version/gnu gzip/1.3.7
version/gnu gzip/1.3.8
version/gnu gzip/1.3.9
version/gnu gzip/1.3.10
version/gnu gzip/1.3.11
version/gnu gzip/1.3.12