CVE-2002-0059

CRITICAL

Zlib < 1.1.3 - Double Free

Title source: rule

Description

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Scores

CVSS v3 9.8
EPSS 0.3322
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-415
Status draft

Affected Products (1)

zlib/zlib < 1.1.3

Timeline

Published Mar 15, 2002
Tracked Since Feb 18, 2026