Vulnerability Name: CVE-2005-1849 (CCN-21346) Assigned: 2005-07-08 Published: 2005-07-08 Updated: 2022-06-22 Summary: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Athentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNBuffer overflow in zlib SCOSA-2006.6 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) CVE-2005-1849 CVE-2005-2096 Fix for denial of service vulnerabilities - zlib APPLE-SA-2005-08-17 APPLE-SA-2005-08-15 zlib security update zlib security update Moderate: Red Hat Network Satellite Server Solaris client security update Moderate: Red Hat Network Satellite Server Solaris client security update Moderate: Red Hat Network Satellite Server Solaris client security update zlib "inftrees.c" Buffer Overflow Vulnerability zlib Denial of Service Vulnerability 16137 CVS zlib Vulnerabilities Network Security Services (NSS) Library Zlib Vulnerability Sun Solaris Network Security Services (NSS) Security Tools Zlib Vulnerability 17326 17516 18377 HP-UX Secure Shell Denial of Service Vulnerability Avaya PDS HP-UX SecureShell Denial of Service Vulnerability 19334 19550 19597 VMware ESX Server Multiple Vulnerabilities 24788 31492 Apple Safari Multiple Vulnerabilities http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code zlib Buffer Overflow in `inftrees.c` Lets Remote Users Deny Service 1014540 zlib DoS About the security content of Safari 3.2 HP-UX Secure Shell Remote Denial of Service (HPSBUX02090) Apple Security Update 2005-007 DSA-763 DSA-797 DSA-1026 sash -- buffer overflows zlib -- remote denial of service zlib -- remote DoS zsync -- denial of service zlib: Buffer overflow zlib: Buffer overflow AMD64 x86 emulation base libraries: Buffer overflow Compress::Zlib: Buffer overflow Qt: Buffer overflow in the included zlib library GLSA-200509-18 Pngcrush: Buffer overflow GLSA-200603-18 zlib inflate() routine vulnerable to buffer overflow MDKSA-2005:196 MDKSA-2006:070 SUSE-SA:2005:043 zlib zlib 18141 zlib inftrees.c Invalid File Overflow Local DoS RHSA-2005:584 RHSA-2008:0629 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates Zlib Compression Library Buffer Overflow Vulnerability 14340 Zlib Compression Library Decompression Buffer Overflow Vulnerability Apple Mac OS X Multiple Vulnerabilities net-snmp, zlib Buffer overflow Buffer overflows zlib vulnerability zlib vulnerability zlib vulnerabilities zlib vulnerabilities rpm vulnerability USN-151-3 http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html ADV-2007-1267 zlib Home Site FLSA:162680 zlib-inftrees-bo(21346) zlib-codetable-dos(21456) oval:org.mitre.oval:def:11402 zlib: remote denial of service zlib: denial of service SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:zlib:zlib:1.2.2:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Vulnerability Name: CVE-2005-1849 (CCN-21456) Assigned: 2005-07-21 Published: 2005-07-21 Updated: 2005-07-21 Summary: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Athentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
Vulnerability Consequences: Denial of Service References: Source: CCNBuffer overflow in zlib Buffer overflow in zlib VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07) Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) zlib: Buffer overflow CVE-2005-1849 CVE-2005-2096 Fix for denial of service vulnerabilities - zlib HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS) zlib security update zlib security update Moderate: Red Hat Network Satellite Server Solaris client security update Moderate: Red Hat Network Satellite Server Solaris client security update Moderate: Red Hat Network Satellite Server Solaris client security update zlib "inftrees.c" Buffer Overflow Vulnerability zlib Denial of Service Vulnerability CVS zlib Vulnerabilities Network Security Services (NSS) Library Zlib Vulnerability Sun Solaris Network Security Services (NSS) Security Tools Zlib Vulnerability HP-UX Secure Shell Denial of Service Vulnerability Avaya PDS HP-UX SecureShell Denial of Service Vulnerability VMware ESX Server Multiple Vulnerabilities Apple Safari Multiple Vulnerabilities Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code zlib Buffer Overflow in `inftrees.c` Lets Remote Users Deny Service About the security content of Safari 3.2 HP-UX Secure Shell Remote Denial of Service (HPSBUX02090) Apple Security Update 2005-007 sash -- buffer overflows zlib -- remote denial of service zlib -- remote DoS zsync -- denial of service zlib: Buffer overflow zlib: Buffer overflow AMD64 x86 emulation base libraries: Buffer overflow Compress::Zlib: Buffer overflow Qt: Buffer overflow in the included zlib library Pngcrush: Buffer overflow zlib inflate() routine vulnerable to buffer overflow zlib zlib zlib inftrees.c Invalid File Overflow Local DoS Zlib Compression Library Buffer Overflow Vulnerability Zlib Compression Library Decompression Buffer Overflow Vulnerability GSview Multiple Unspecified Security Vulnerabilities Buffer overflow Buffer overflows zlib vulnerability zlib vulnerability zlib vulnerabilities zlib vulnerabilities rpm vulnerability zlib Home Site zlib-codetable-dos(21456) zlib: remote denial of service zlib: denial of service SUSE Security Summary Report Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:gnu:zlib:1.2.2:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.2.1:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.1:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.2:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.3:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.4:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.5:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.6:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.7:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.8:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.0.9:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.1:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.1.1:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.1.2:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.1.3:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.1.4:*:*:*:*:*:*:* OR cpe:/a:gnu:zlib:1.2.0:*:*:*:*:*:*:* AND cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:* OR cpe:/a:redhat:network_satellite:5.0:*:*:*:*:*:*:* OR cpe:/a:curl:libcurl:7.17.0:*:*:*:*:*:*:* OR cpe:/a:bitdefender:bitdefender:10:_nil_:free_edition:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:* OR cpe:/a:redhat:network_satellite:4.2:*:*:*:*:*:*:* OR cpe:/a:apple:safari:3:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:* Oval Definitions BACK
zlib zlib 1.2.2
gnu zlib 1.2.2
gnu zlib 1.2.1
gnu zlib 1.0
gnu zlib 1.0.1
gnu zlib 1.0.2
gnu zlib 1.0.3
gnu zlib 1.0.4
gnu zlib 1.0.5
gnu zlib 1.0.6
gnu zlib 1.0.7
gnu zlib 1.0.8
gnu zlib 1.0.9
gnu zlib 1.1
gnu zlib 1.1.1
gnu zlib 1.1.2
gnu zlib 1.1.3
gnu zlib 1.1.4
gnu zlib 1.2.0
openpkg openpkg current
gentoo linux *
mandrakesoft mandrake linux corporate server 2.1
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
conectiva linux 10
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
novell open enterprise server *
mandrakesoft mandrake multi network firewall 2.0
mandrakesoft mandrake linux 2006
suse linux enterprise server 9
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux corporate server 3.0
vmware esx server 3.0.0
vmware esx server 3.0.1
redhat network satellite server 5.0
curl libcurl 7.17.0
bitdefender bitdefender 10 _nil_
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux corporate server 2.1
redhat network satellite server 4.2
apple safari 3
novell open enterprise server *
suse suse linux 9.3
Denotes that component is vulnerable