Summary
This host is installed with GZip and is prone to an input validation vulnerability.
Impact
Successful exploitation could result in a Denial of Service (application crash or infinite loop) or possibly allow execution of arbitrary code via a crafted archive.
Impact Level: Application
Solution
Apply the patch or upgrade to GZip version 1.3.13.
http://www.gzip.org/index-f.html#sources
http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to an error in the 'huft_build()' function in 'inflate.c', which creates a hufts table that is too small.
Affected
GZip version prior to 1.3.13 on Windows
References
Severity
Classification
CVE: CVE-2009-2624
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Cogent DataHub Integer Overflow Vulnerability
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
- ClamAV Hash Manager Off-By-One Denial of Service Vulnerability (Win)
- F-Secure Policy Manager Server fsmsh.dll module DoS
- Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability