CVE-2002-0059

CRITICAL
Published Mar 15, 2002 · Modified Jun 16, 2026
9.8 CVSS 3.1

Description

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 1

Vendor: zlib
Product: zlib
Version: *
Range: ≤1.1.3

References 16

  • ftp.caldera.com ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
    Broken Link
  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
    Broken Link
  • frontal2.mandriva.com http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
    Broken Link
  • caldera.com http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
    Broken Link
  • cert.org http://www.cert.org/advisories/CA-2002-07.html
    Third Party Advisory, US Government Resource
  • debian.org http://www.debian.org/security/2002/dsa-122
    Broken Link
  • kb.cert.org http://www.kb.cert.org/vuls/id/368819
    Third Party Advisory, US Government Resource
  • linux-mandrake.com http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
    Broken Link, Patch, Vendor Advisory
  • linux-mandrake.com http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
    Broken Link
  • redhat.com http://www.redhat.com/support/errata/RHSA-2002-026.html
    Broken Link, Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2002-027.html
    Broken Link, Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/4267
    Broken Link, Third Party Advisory, VDB Entry
  • www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
    Broken Link
  • www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
    Broken Link
  • www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
    Broken Link
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
    Third Party Advisory, VDB Entry

Remediation

  • linux-mandrake.com http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
    Broken Link, Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2002-026.html
    Broken Link, Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2002-027.html
    Broken Link, Patch, Vendor Advisory