CVE-2009-1391

Basic Information

CVE State
PUBLISHED
Reserved Date
April 23, 2009
Published Date
June 16, 2009
Last Updated
August 07, 2024
Vendor
Compress::Raw::Zlib
Product
Compress::Raw::Zlib Perl module
Description
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

CVSS Scores

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild
Yes (2009-06-16 23:00:00 UTC)

Known Exploited Vulnerability Information

Source
CVE
Added Date
2009-06-16 23:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel