CVE-2003-0107

Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Desbordamiento de búfer en la función gzprintf de zlib 1.1.4, cuando zlib es compilado sin vsnprintf o cuando entradas largas son truncadas mediante vsnprintf, lo que permite a atacantes, causar Denegación de Servicio o la posibilidad de ejecutar código remoto.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-02-23 First Exploit
2003-02-26 CVE Reserved
2003-03-07 CVE Published
2024-03-09 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (23)

URL	Tag	Source
http://jvn.jp/en/jp/JVN78689801/index.html	Third Party Advisory
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html	Third Party Advisory
http://lists.apple.com/mhonarc/security-announce/msg00038.html	X_refsource_confirm
http://marc.info/?l=bugtraq&m=104610337726297&w=2	Mailing List
http://marc.info/?l=bugtraq&m=104610536129508&w=2	Mailing List
http://marc.info/?l=bugtraq&m=104620610427210&w=2	Mailing List
http://www.kb.cert.org/vuls/id/142121	Third Party Advisory
http://www.osvdb.org/6599	Vdb Entry
http://www.securityfocus.com/bid/6913	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/22273	2003-02-23
https://www.exploit-db.com/exploits/22274	2003-02-23
http://online.securityfocus.com/archive/1/312869	2024-08-08

URL	Date	SRC

URL	Date	SRC
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt	2022-06-22
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc	2022-06-22
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619	2022-06-22
http://marc.info/?l=bugtraq&m=104887247624907&w=2	2022-06-22
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405	2022-06-22
http://www.iss.net/security_center/static/11381.php	2022-06-22
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033	2022-06-22
http://www.redhat.com/support/errata/RHSA-2003-079.html	2022-06-22
http://www.redhat.com/support/errata/RHSA-2003-081.html	2022-06-22
https://access.redhat.com/security/cve/CVE-2003-0107	2003-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=1616967	2003-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zlib Search vendor "Zlib"		Zlib Search vendor "Zlib" for product "Zlib"				1.1.4 Search vendor "Zlib" for product "Zlib" and version "1.1.4"		-		Affected