GZip 'huft_build()' In 'inflate.c' Input Validation Vulnerability (Win) Network Vulnerability

Summary

This host is installed with GZip and is prone to Input Validation Vulnerability

Impact

Successful exploitation could result in Denial of Serivce (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. Impact Level: Application

Solution

Apply the patch or Upgrade to GZip version 1.3.13 http://www.gzip.org/index-f.html#sources http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2 ***** NOTE: Ignore this warning, if above mentioned patch is already applied. *****

Insight

The flaw is due to error in 'huft_build()' function in 'inflate.c', creates a hufts table that is too small.

Affected

GZip version prior to 1.3.13 on Windows

References

http://secunia.com/advisories/38132
http://www.vupen.com/english/advisories/2010/0185
https://bugzilla.redhat.com/show_bug.cgi?id=514711

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2624
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

DB2 discovery service DOS
Cogent DataHub Integer Overflow Vulnerability
Apache Connection Blocking Denial of Service
FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Win

GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win)

Take action and discover your vulnerabilities