CVE-2005-1849

zlib DoS

  • Severity Score: 5.0 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2005-06-06 CVE Reserved
  • 2005-07-21 CVE Published
  • 2024-07-02 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (36)
URL Date SRC
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt 2022-06-22
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html 2022-06-22
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html 2022-06-22
http://secunia.com/advisories/16137 2022-06-22
http://secunia.com/advisories/17326 2022-06-22
http://secunia.com/advisories/17516 2022-06-22
http://secunia.com/advisories/18377 2022-06-22
http://secunia.com/advisories/19334 2022-06-22
http://secunia.com/advisories/19550 2022-06-22
http://secunia.com/advisories/19597 2022-06-22
http://secunia.com/advisories/24788 2022-06-22
http://secunia.com/advisories/31492 2022-06-22
http://www.debian.org/security/2005/dsa-797 2022-06-22
http://www.debian.org/security/2006/dsa-1026 2022-06-22
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml 2022-06-22
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml 2022-06-22
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196 2022-06-22
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070 2022-06-22
http://www.novell.com/linux/security/advisories/2005_43_zlib.html 2022-06-22
http://www.redhat.com/support/errata/RHSA-2005-584.html 2022-06-22
http://www.redhat.com/support/errata/RHSA-2008-0629.html 2022-06-22
http://www.ubuntulinux.org/usn/usn-151-3 2022-06-22
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 2022-06-22
https://access.redhat.com/security/cve/CVE-2005-1849 2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=430649 2008-08-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Zlib Zlib 1.2.2 - Affected