CVE-2009-1391
Published: Jun 16, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://article.gmane.org/gmane.mail.virus.amavis.user/33635 | x_refsource_MISC |
| http://thread.gmane.org/gmane.mail.virus.amavis.user/33635 | x_refsource_MISC |
| perl-compressrawzlib-inflate-bo(51062) | vdb-entry, x_refsource_XF |
| USN-794-1 | vendor-advisory, x_refsource_UBUNTU |
| MDVSA-2009:157 | vendor-advisory, x_refsource_MANDRIVA |
| https://bugs.gentoo.org/show_bug.cgi?id=273141 | x_refsource_CONFIRM |
| 35307 | vdb-entry, x_refsource_BID |
| GLSA-200908-07 | vendor-advisory, x_refsource_GENTOO |
| 35685 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=504386 | x_refsource_CONFIRM |
| 35689 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2009-1571 | vdb-entry, x_refsource_VUPEN |
| SUSE-SR:2009:012 | vendor-advisory, x_refsource_SUSE |
| 55041 | vdb-entry, x_refsource_OSVDB |
| http://article.gmane.org/gmane.mail.virus.amavis.user/33638 | x_refsource_MISC |
| 35422 | third-party-advisory, x_refsource_SECUNIA |
| 35876 | third-party-advisory, x_refsource_SECUNIA |
| FEDORA-2009-7680 | vendor-advisory, x_refsource_FEDORA |