CVE-2005-1849

medium

Description

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

http://secunia.com/advisories/16137

http://secunia.com/advisories/17326

http://secunia.com/advisories/17516

http://secunia.com/advisories/18377

http://secunia.com/advisories/19334

http://secunia.com/advisories/19550

http://secunia.com/advisories/19597

http://secunia.com/advisories/24788

http://secunia.com/advisories/31492

http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz

http://securitytracker.com/id?1014540

http://www.debian.org/security/2005/dsa-763

http://www.debian.org/security/2005/dsa-797

http://www.debian.org/security/2006/dsa-1026

http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml

http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2005:196

http://www.mandriva.com/security/advisories?name=MDKSA-2006:070

http://www.novell.com/linux/security/advisories/2005_43_zlib.html

http://www.osvdb.org/18141

http://www.redhat.com/support/errata/RHSA-2005-584.html

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://www.securityfocus.com/archive/1/464745/100/0/threaded

http://www.securityfocus.com/bid/14340

http://www.ubuntulinux.org/usn/usn-151-3

http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html

http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html

http://www.vupen.com/english/advisories/2007/1267

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680

https://exchange.xforce.ibmcloud.com/vulnerabilities/21456

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402

Details

Source: MITRE

Published: 2005-07-26

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:zlib:1.2.2:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 17828 | MySQL < 4.1.13a / 5.0.11 Zlib Library Buffer Overflow | Nessus | Databases | medium |
| 57528 | Debian DSA-773-1 : amd64 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 43839 | RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) | Nessus | Red Hat Local Security Checks | critical |
| 43838 | RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) | Nessus | Red Hat Local Security Checks | critical |
| 43836 | RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) | Nessus | Red Hat Local Security Checks | critical |
| 41078 | SuSE9 Security Update : zlib (YOU Patch Number 10347) | Nessus | SuSE Local Security Checks | high |
| 22568 | Debian DSA-1026-1 : sash - buffer overflows | Nessus | Debian Local Security Checks | high |
| 21948 | CentOS 4 : zlib (CESA-2005:584) | Nessus | CentOS Local Security Checks | medium |
| 21460 | FreeBSD : zlib -- buffer overflow vulnerability (837b9fb2-0595-11da-86bc-000e0c2e438a) | Nessus | FreeBSD Local Security Checks | medium |
| 21207 | Mandrake Linux Security Advisory : sash (MDKSA-2006:070) | Nessus | Mandriva Local Security Checks | high |
| 21125 | GLSA-200603-18 : Pngcrush: Buffer overflow | Nessus | Gentoo Local Security Checks | medium |
| 20552 | Ubuntu 4.10 / 5.04 / 5.10 : rpm vulnerability (USN-151-4) | Nessus | Ubuntu Local Security Checks | high |
| 20551 | Ubuntu 4.10 / 5.04 / 5.10 : aide vulnerabilities (USN-151-3) | Nessus | Ubuntu Local Security Checks | high |
| 20550 | Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2) | Nessus | Ubuntu Local Security Checks | high |
| 20549 | Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-151-1) | Nessus | Ubuntu Local Security Checks | high |
| 20124 | Mandrake Linux Security Advisory : perl-Compress-Zlib (MDKSA-2005:196) | Nessus | Mandriva Local Security Checks | high |
| 19885 | Mandrake Linux Security Advisory : zlib (MDKSA-2005:124) | Nessus | Mandriva Local Security Checks | medium |
| 19817 | GLSA-200509-18 : Qt: Buffer overflow in the included zlib library | Nessus | Gentoo Local Security Checks | high |
| 19567 | Debian DSA-797-2 : zsync - denial of service | Nessus | Debian Local Security Checks | high |
| 19463 | Mac OS X Multiple Vulnerabilities (Security Update 2005-007) | Nessus | MacOS X Local Security Checks | critical |
| 19361 | GLSA-200508-01 : Compress::Zlib: Buffer overflow | Nessus | Gentoo Local Security Checks | high |
| 19330 | GLSA-200507-28 : AMD64 x86 emulation base libraries: Buffer overflow | Nessus | Gentoo Local Security Checks | high |
| 19284 | RHEL 4 : zlib (RHSA-2005:584) | Nessus | Red Hat Local Security Checks | medium |
| 19281 | GLSA-200507-19 : zlib: Buffer overflow | Nessus | Gentoo Local Security Checks | medium |
| 19257 | Debian DSA-763-1 : zlib - remote DoS | Nessus | Debian Local Security Checks | medium |