CVE-2009-1391
Published: 16 June 2009
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
Priority
Status
Package | Release | Status |
---|---|---|
libcompress-raw-zlib-perl | upstream | Released (2.017) |
libcompress-raw-zlib-perl | dapper | Does not exist |
libcompress-raw-zlib-perl | hardy | Released (2.008-1ubuntu0.1) |
libcompress-raw-zlib-perl | intrepid | Released (2.011-2ubuntu0.1) |
libcompress-raw-zlib-perl | jaunty | Released (2.015-1ubuntu0.1) |
perl | upstream | Needs triage |
perl | dapper | Not vulnerable (code not present) |
perl | hardy | Not vulnerable (code not present) |
perl | intrepid | Released (5.10.0-11.1ubuntu2.3) |
perl | jaunty | Released (5.10.0-19ubuntu1.1) |

Patches (libcompress-raw-zlib-perl): distro: http://patch-tracking.debian.net/patch/series/view/libcompress-raw-zlib-perl/2.015-2/CVE-2009-1391

Patches (perl): distro: http://patch-tracking.debian.net/patch/misc/view/perl/5.10.0-23/ext/Compress/Raw/Zlib/Zlib.xs