What is CVE-2010-0001?

CVE-2010-0001 is a vulnerability in Gnu Gzip, classified under CWE-189. Published 2010-01-29.

Is CVE-2010-0001 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gnu Gzip

CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary cod…

EPSS: 0.048 (90.8th percentile) — read the EPSS interpretation.

Affected products

Gnu Gzip — versions 1.2.4, 1.3.2, 1.3.12
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vendor-advisory, x_refsource_APPLE)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2010-0001?: CVE-2010-0001 is a vulnerability in Gnu Gzip, classified under CWE-189. Published 2010-01-29.
Is CVE-2010-0001 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.