CVE-2002-0059

CVSS 9.8 - CRITICAL
Description

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Affected Products
1
Vendor Product Version
zlib zlib All versions
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-...
http://distro.conectiva.com.br/atualizacoes/?id=a&...
http://frontal2.mandriva.com/security/advisories?n...
http://www.caldera.com/support/security/advisories...
http://www.cert.org/advisories/CA-2002-07.html
http://www.debian.org/security/2002/dsa-122
http://www.kb.cert.org/vuls/id/368819
http://www.linux-mandrake.com/en/security/2002/MDK...
http://www.linux-mandrake.com/en/security/2002/MDK...
http://www.redhat.com/support/errata/RHSA-2002-026...
http://www.redhat.com/support/errata/RHSA-2002-027...
http://www.securityfocus.com/bid/4267
http://www1.itrc.hp.com/service/cki/docDisplay.do?...
http://www1.itrc.hp.com/service/cki/docDisplay.do?...
http://www1.itrc.hp.com/service/cki/docDisplay.do?...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-...
http://distro.conectiva.com.br/atualizacoes/?id=a&...
http://frontal2.mandriva.com/security/advisories?n...
http://www.caldera.com/support/security/advisories...
Weakness Types
CWE-415
CVE Information
CVE ID:
CVE-2002-0059
Published:
2002-03-15
Modified:
2025-04-03
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
zlib
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL