Summary
This host is installed with GZip and is prone to Input Validation Vulnerability
Impact
Successful exploitation could result in Denial of Serivce (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.
Impact Level: Application
Solution
Apply the patch or Upgrade to GZip version 1.3.13
http://www.gzip.org/index-f.html#sources
http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
*****
NOTE: Ignore this warning, if above mentioned patch is already applied.
*****
Insight
The flaw is due to error in 'huft_build()' function in 'inflate.c', creates a hufts table that is too small.
Affected
GZip version prior to 1.3.13 on Windows
References
Severity
Classification
-
CVE CVE-2009-2624 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities