CVE-2002-0059
CRITICAL
Published Mar 15, 2002 (24y ago) · Modified Jun 16, 2026 (2w ago)
9.8 CVSS 3.1
Description
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-415
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| zlib | zlib | * | ≤1.1.3 |
References 16
- ftp.caldera.com ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
- frontal2.mandriva.com http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
- caldera.com http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- cert.org http://www.cert.org/advisories/CA-2002-07.html
- debian.org http://www.debian.org/security/2002/dsa-122
- kb.cert.org http://www.kb.cert.org/vuls/id/368819
- linux-mandrake.com http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
- linux-mandrake.com http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- redhat.com http://www.redhat.com/support/errata/RHSA-2002-026.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2002-027.html
- securityfocus.com http://www.securityfocus.com/bid/4267
- www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
- www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
- www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Remediation
- linux-mandrake.com http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
- redhat.com http://www.redhat.com/support/errata/RHSA-2002-026.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2002-027.html