CVE-2003-0107

Current Description

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Basic Data

PublishedMarch 07, 2003
Last ModifiedJanuary 03, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationGnuZlib1.1.4*******

Vulnerable Software List

VendorProductVersions
Gnu Zlib 1.1.4

References

NameSourceURLTags
CSSA-2003-011.0ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txtCALDERA
NetBSD-SA2003-004ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.ascNETBSD
CLSA-2003:619http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619CONECTIVA
JVN#78689801http://jvn.jp/en/jp/JVN78689801/index.htmlJVN
JVNDB-2015-000066http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.htmlJVNDB
http://lists.apple.com/mhonarc/security-announce/msg00038.htmlhttp://lists.apple.com/mhonarc/security-announce/msg00038.htmlCONFIRM
20030223 poc zlib sploit just for fun :)http://marc.info/?l=bugtraq&m=104610337726297&w=2BUGTRAQ
20030224 Re: buffer overrun in zlib 1.1.4http://marc.info/?l=bugtraq&m=104610536129508&w=2BUGTRAQ
20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25http://marc.info/?l=bugtraq&m=104620610427210&w=2BUGTRAQ
GLSA-200303-25http://marc.info/?l=bugtraq&m=104887247624907&w=2GENTOO
20030222 buffer overrun in zlib 1.1.4http://online.securityfocus.com/archive/1/312869BUGTRAQExploit
57405http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405SUNALERT
zlib-gzprintf-bo(11381)http://www.iss.net/security_center/static/11381.phpXFVendor Advisory
VU#142121http://www.kb.cert.org/vuls/id/142121CERT-VNUS Government Resource
MDKSA-2003:033http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033MANDRAKE
6599http://www.osvdb.org/6599OSVDB
RHSA-2003:079http://www.redhat.com/support/errata/RHSA-2003-079.htmlREDHAT
RHSA-2003:081http://www.redhat.com/support/errata/RHSA-2003-081.htmlREDHAT
6913http://www.securityfocus.com/bid/6913BID