Vulnerability Name:

CVE-2004-0797 (CCN-17119)

Assigned:2004-08-25
Published:2004-08-25
Updated:2022-06-22
Summary:The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: SCO
Type: UNKNOWN
SCOSA-2006.6

Source: SCO
Type: UNKNOWN
SCOSA-2004.17

Source: CCN
Type: BugTraq Mailing List, Mon Nov 01 2004 - 15:43:35 CST
zlib 1.2.2 released

Source: CCN
Type: Debian Bug Report Log - #252253
SIGSEGV in zlib1g 1.2.1.1-3 with pwzip-file

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253

Source: MITRE
Type: CNA
CVE-2004-0797

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:865

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:878

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:865
Fix for denial of service vulnerabilities

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:878
Fix for denial of service vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20040825 [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib)

Source: CCN
Type: SA11129
zlib Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
11129

Source: CCN
Type: SA17054
CVS zlib Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17054

Source: SECUNIA
Type: UNKNOWN
18377

Source: GENTOO
Type: UNKNOWN
GLSA-200408-26

Source: CCN
Type: SECTRACK ID: 1011085
Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1011085

Source: CCN
Type: GLSA-200408-26
zlib: Denial of service vulnerability

Source: CCN
Type: US-CERT VU#238678
The zlib compression library is vulnerable to a denial-of-service condition

Source: CERT-VN
Type: US Government Resource
VU#238678

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:090

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:029

Source: CCN
Type: OpenPKG-SA-2004.038
zlib

Source: CCN
Type: OpenPKG-SA-2005.007
CVS

Source: OSVDB
Type: UNKNOWN
9360

Source: OSVDB
Type: UNKNOWN
9361

Source: CCN
Type: OSVDB ID: 9360
zlib inflate Function Error Handling DoS

Source: CCN
Type: OSVDB ID: 9361
zlib inflateBack Function Error Handling DoS

Source: BID
Type: UNKNOWN
11051

Source: CCN
Type: BID-11051
Zlib Compression Library Denial Of Service Vulnerability

Source: CCN
Type: Slackware Security Advisory Mon, 4 Oct 2004 12:52:54 -0700 (PDT)
zlib DoS

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-278

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0043
Multiple vulnerabilities

Source: CCN
Type: zlib Web site
zlib Home site

Source: FEDORA
Type: UNKNOWN
FLSA:2043

Source: XF
Type: UNKNOWN
zlib-inflate-inflateback-dos(17119)

Source: XF
Type: UNKNOWN
zlib-inflate-inflateback-dos(17119)

Source: SUSE
Type: SUSE-SA:2004:029
zlib: denial of service

Vulnerable Configuration:Configuration 1:
  • cpe:/a:zlib:zlib:1.2.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:zlib:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:zlib:1.2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:112412
    P
    		httrack-3.48.22-1.3 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105919
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    BACK
    zlib zlib 1.2.1
    gnu zlib 1.2.2
    gnu zlib 1.2.1
    trustix secure linux 1.5
    openpkg openpkg current
    gentoo linux *
    trustix secure linux 2.0
    openpkg openpkg 2.0
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    conectiva linux 10
    openpkg openpkg 2.1
    openpkg openpkg 2.2
    suse linux enterprise server 9
    mandrakesoft mandrake linux 10.0