CVE-2003-0107 - OpenCVE

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zlib	Zlib

Configuration 1 [-]

cpe:2.3:a:zlib:zlib:1.1.4:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
http://jvn.jp/en/jp/JVN78689801/index.html
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://marc.info/?l=bugtraq&m=104610337726297&w=2
http://marc.info/?l=bugtraq&m=104610536129508&w=2
http://marc.info/?l=bugtraq&m=104620610427210&w=2
http://marc.info/?l=bugtraq&m=104887247624907&w=2
http://online.securityfocus.com/archive/1/312869	Exploit
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
http://www.iss.net/security_center/static/11381.php	Vendor Advisory
http://www.kb.cert.org/vuls/id/142121	US Government Resource
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
http://www.osvdb.org/6599
http://www.redhat.com/support/errata/RHSA-2003-079.html
http://www.redhat.com/support/errata/RHSA-2003-081.html
http://www.securityfocus.com/bid/6913

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2008-02-07T00:00:00

Reserved: 2003-02-26T00:00:00

Link: CVE-2003-0107

JSON object: View

NVD Information

Status : Modified

Published: 2003-03-07T05:00:00.000

Modified: 2022-06-22T16:40:46.327

Link: CVE-2003-0107

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-02-07T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html"}, {"name": "JVN#78689801", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN78689801/index.html"}, {"name": "JVNDB-2015-000066", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html"}, {"name": "MDKSA-2003:033", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033"}, {"name": "NetBSD-SA2003-004", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc"}, {"name": "RHSA-2003:081", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-081.html"}, {"name": "RHSA-2003:079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-079.html"}, {"name": "GLSA-200303-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://marc.info/?l=bugtraq&m=104887247624907&w=2"}, {"name": "CSSA-2003-011.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt"}, {"name": "VU#142121", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/142121"}, {"name": "20030224 Re: buffer overrun in zlib 1.1.4", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104610536129508&w=2"}, {"name": "57405", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405"}, {"name": "6599", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6599"}, {"name": "20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104620610427210&w=2"}, {"name": "20030222 buffer overrun in zlib 1.1.4", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/312869"}, {"name": "CLSA-2003:619", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619"}, {"name": "6913", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6913"}, {"name": "zlib-gzprintf-bo(11381)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/11381.php"}, {"name": "20030223 poc zlib sploit just for fun :)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104610337726297&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource": "CONFIRM", "url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html"}, {"name": "JVN#78689801", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN78689801/index.html"}, {"name": "JVNDB-2015-000066", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html"}, {"name": "MDKSA-2003:033", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033"}, {"name": "NetBSD-SA2003-004", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc"}, {"name": "RHSA-2003:081", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-081.html"}, {"name": "RHSA-2003:079", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-079.html"}, {"name": "GLSA-200303-25", "refsource": "GENTOO", "url": "http://marc.info/?l=bugtraq&m=104887247624907&w=2"}, {"name": "CSSA-2003-011.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt"}, {"name": "VU#142121", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/142121"}, {"name": "20030224 Re: buffer overrun in zlib 1.1.4", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104610536129508&w=2"}, {"name": "57405", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405"}, {"name": "6599", "refsource": "OSVDB", "url": "http://www.osvdb.org/6599"}, {"name": "20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104620610427210&w=2"}, {"name": "20030222 buffer overrun in zlib 1.1.4", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/312869"}, {"name": "CLSA-2003:619", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619"}, {"name": "6913", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6913"}, {"name": "zlib-gzprintf-bo(11381)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11381.php"}, {"name": "20030223 poc zlib sploit just for fun :)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104610337726297&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0107", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-26T00:00:00", "dateUpdated": "2008-02-07T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zlib:zlib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "80AD14DA-DB9F-48F4-9B1D-2066705D8468", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n gzprintf de zlib 1.1.4, cuando zlib es compilado sin vsnprintf o cuando entradas largas son truncadas mediante vsnprintf, lo que permite a atacantes, causar Denegaci\u00f3n de Servicio o la posibilidad de ejecutar c\u00f3digo remoto."}], "id": "CVE-2003-0107", "lastModified": "2022-06-22T16:40:46.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-03-07T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt"}, {"source": "cve@mitre.org", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc"}, {"source": "cve@mitre.org", "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN78689801/index.html"}, {"source": "cve@mitre.org", "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104610337726297&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104610536129508&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104620610427210&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104887247624907&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://online.securityfocus.com/archive/1/312869"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/11381.php"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/142121"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/6599"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-079.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-081.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6913"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}