Improper input validation in Gnu Gzip
CVE-2009-2624
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.042 (89.6th percentile) — read the EPSS interpretation.
Affected products
- Gnu Gzip — versions 1.2.4, 1.3.2, 1.3.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cret@cert.org (mailing-list, x_refsource_MLIST)
- cret@cert.org (x_refsource_CONFIRM)
- cret@cert.org (x_refsource_CONFIRM)
- cret@cert.org (vendor-advisory, x_refsource_APPLE)
- cret@cert.org (vendor-advisory, x_refsource_SUSE)
- cret@cert.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cret@cert.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cret@cert.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cret@cert.org (x_refsource_CONFIRM)
- cret@cert.org (vendor-advisory, x_refsource_DEBIAN)