CVE-2002-0059
CVSS 9.8 · CRITICAL
Summary
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Zlib zlib
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.cert.org/advisories/CA-2002-07.html
- http://www.debian.org/security/2002/dsa-122
- http://www.kb.cert.org/vuls/id/368819
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.redhat.com/support/errata/RHSA-2002-027.html
- http://www.securityfocus.com/bid/4267
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.