Vulnerability Details : CVE-2009-1391
Potential exploit
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2009-1391
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:*:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.008:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.006:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.001:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.005:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.004:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.014:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.012:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.011:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.003:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.002:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.010:*:*:*:*:*:*:*
- cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.009:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1391
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1391
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2009-1391
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1391
-
http://www.securityfocus.com/bid/35307
Exploit;Patch
-
https://bugs.gentoo.org/show_bug.cgi?id=273141
273141 – (CVE-2009-1391) <perl-core/Compress-Raw-Zlib-2.020: Off-by-one (CVE-2009-1391)
-
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html
[SECURITY] Fedora 10 Update: perl-5.10.0-73.fc10
-
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.vupen.com/english/advisories/2009/1571
Site en constructionPatch;Vendor Advisory
-
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
-
https://bugzilla.redhat.com/show_bug.cgi?id=504386
504386 – (CVE-2009-1391) CVE-2009-1391 Buffer overflow in Compress::Raw::ZlibExploit
-
http://security.gentoo.org/glsa/glsa-200908-07.xml
Perl Compress::Raw modules: Denial of service (GLSA 200908-07) — Gentoo security
-
https://usn.ubuntu.com/794-1/
404: Page not found | Ubuntu
-
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:157
Mandriva
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/51062
Compress::Raw::Zlib module for Perl inflate() function buffer overflow CVE-2009-1391 Vulnerability Report
-
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
Exploit
Jump to