Vulnerability Details : CVE-2010-0001
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2010-0001
- cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:1.3.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0001
- 4.75%: Probability of exploitation activity in the next 30 days
- ~ 93%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0001
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2010-0001
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0001
- http://ncompress.sourceforge.net/#status
  ncompress: a public domain project
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511
  Repository / Oval Repository
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
  Apple - Lists.apple.com
- http://www.vupen.com/english/advisories/2010/1796
  Webmail | OVH- OVH
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:152
  mandriva.com
- http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f
  gzip.git - gzip
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- http://www.vupen.com/english/advisories/2010/1872
  Webmail | OVH- OVH
- http://www.debian.org/security/2010/dsa-1974
  Debian -- Security Information -- DSA-1974-1 gzip
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546
  Repository / Oval Repository
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
  [security-announce] SUSE Security Announcement: acoread (SUSE-SA:2010:00
- http://support.apple.com/kb/HT4435
  We're sorry.
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
  mandriva.com
- http://www.vupen.com/english/advisories/2010/0185
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0061.html
  Support
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
  RHSA-2010:0095 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:019
  mandriva.com
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
- http://securitytracker.com/id?1023490
  Gzip Integer Underflow in Processing LZW Compressed Archives May Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.debian.org/security/2010/dsa-2074
  Debian -- Security Information -- DSA-2074-1 ncompress
- http://www.ubuntu.com/usn/USN-889-1
  USN-889-1: gzip vulnerabilities | Ubuntu security notices
- http://savannah.gnu.org/forum/forum.php?forum_id=6153
  GNU gzip - News: gzip-1.4 released [stable/security] [Savannah]
- https://bugzilla.redhat.com/show_bug.cgi?id=554418
  554418 – (CVE-2010-0001) CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files