{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-18T10:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "ADV-2010-0185", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0185"}, {"name": "USN-889-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-889-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"}, {"name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "DSA-1974", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1974"}, {"name": "MDVSA-2010:020", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"}, {"name": "38223", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38223"}, {"name": "38132", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38132"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "38232", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38232"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2009-2624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435"}, {"name": "ADV-2010-0185", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0185"}, {"name": "USN-889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-889-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=514711", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"}, {"name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"}, {"name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "DSA-1974", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1974"}, {"name": "MDVSA-2010:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"}, {"name": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"}, {"name": "38223", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38223"}, {"name": "38132", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38132"}, {"name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "38232", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38232"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:56.266Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "ADV-2010-0185", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0185"}, {"name": "USN-889-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-889-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"}, {"name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "DSA-1974", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1974"}, {"name": "MDVSA-2010:020", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"}, {"name": "38223", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38223"}, {"name": "38132", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38132"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "38232", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38232"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-2624", "datePublished": "2010-01-29T18:00:00", "dateReserved": "2009-07-28T00:00:00", "dateUpdated": "2024-08-07T05:59:56.266Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*", "matchCriteriaId": "0782AAD8-CEA7-47E9-A8F2-175FC0B880C3", "versionEndIncluding": "1.3.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D50385A-1D5D-4517-B5FA-1BB60BA4C484", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*", "matchCriteriaId": "752BDD31-53A2-4246-8E95-77694548DB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCFD9CEE-AAB0-443E-A5C7-6805AFCCF6EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7830E23E-C3B2-40D1-A82B-8862F82AA996", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "48F71B1D-B822-4C4F-9009-8D8E1B9707FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "079F39E2-69BF-47AC-87CF-A47D37EA27F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D1B19DCC-2441-453F-8CFE-93A2FD37446C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E92ACD5A-D7D3-4DBA-A7AA-BBCA2E20BA50", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "614F29C6-AEB8-4274-B0F4-865DF32CCBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "52D3F910-090A-43AA-8639-443DFF230958", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A28E3EC1-6788-459A-A4F9-0969C007131C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "E8563855-787C-488E-B241-1F32AD783E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "AAD2768C-CD7E-4B2E-8919-8319D84A71DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gzip:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E56B3BD-EDB2-4BE1-821F-2F84548FBF9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."}, {"lang": "es", "value": "La funci\u00f3n huft_build en inflate.c en gzip anterior a v1.3.13 crea una tabla hufts (tambi\u00e9n conocido como huffman) demasiado peque\u00f1a, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n o buble infinito), o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo manipulado. NOTA: esta vulnerabilidad est\u00e1 provocada por una regresi\u00f3n del CVE-2006-4334."}], "id": "CVE-2009-2624", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-01-29T18:30:00.793", "references": [{"source": "cret@cert.org", "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"}, {"source": "cret@cert.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"}, {"source": "cret@cert.org", "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"}, {"source": "cret@cert.org", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38132"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38223"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38232"}, {"source": "cret@cert.org", "url": "http://support.apple.com/kb/HT4435"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2010/dsa-1974"}, {"source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-889-1"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2010/0185"}, {"source": "cret@cert.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-889-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"}], "sourceIdentifier": "cret@cert.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of gzip as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2010-02-02T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gzip: Missing input sanitation by decompressing dynamic Huffman code blocks", "id": "514711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive.  NOTE: this issue is caused by a CVE-2006-4334 regression."], "name": "CVE-2009-2624", "public_date": "2010-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2624\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2624"], "statement": "Not vulnerable. This issue did not affect the versions of gzip as shipped with Red Hat Enterprise Linux 3, 4, or 5.  It was corrected in the versions of gzip as shipped with Red Hat Enterprise Linux 6.0 and later.", "threat_severity": "Moderate"}