CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 23, 2009
- Published Date
- June 16, 2009
- Last Updated
- August 07, 2024
- Vendor
- Compress::Raw::Zlib
- Product
- Compress::Raw::Zlib Perl module
- Description
- Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
CVSS Scores
CVSS v2.0
6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit Status
- Exploited in the Wild
- Yes (2009-06-16 23:00:00 UTC) Source
References
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
https://exchange.xforce.ibmcloud.com/vulnerabilities/51062
https://usn.ubuntu.com/794-1/
http://www.mandriva.com/security/advisories?name=MDVSA-2009:157
https://bugs.gentoo.org/show_bug.cgi?id=273141
http://www.securityfocus.com/bid/35307
http://security.gentoo.org/glsa/glsa-200908-07.xml
http://secunia.com/advisories/35685
https://bugzilla.redhat.com/show_bug.cgi?id=504386
http://secunia.com/advisories/35689
http://www.vupen.com/english/advisories/2009/1571
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://osvdb.org/55041
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
http://secunia.com/advisories/35422
http://secunia.com/advisories/35876
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2009-06-16 23:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel