Home  >  CVE-2003-0107
CVE Details for CVE: CVE-2003-0107
Summary
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
Timestamps
Last major update 03-01-2017 - 02:59
Published 07-03-2003 - 05:00
Last modified 03-01-2017 - 02:59
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:zlib:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:zlib:1.1.4:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
7.5
Impact
6.4
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2003:079
  • rhsa
    id RHSA-2003:081
refmap via4
bid 6913
bugtraq
  • 20030222 buffer overrun in zlib 1.1.4
  • 20030223 poc zlib sploit just for fun :)
  • 20030224 Re: buffer overrun in zlib 1.1.4
  • 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
caldera CSSA-2003-011.0
cert-vn VU#142121
conectiva CLSA-2003:619
confirm http://lists.apple.com/mhonarc/security-announce/msg00038.html
gentoo GLSA-200303-25
jvn JVN#78689801
jvndb JVNDB-2015-000066
mandrake MDKSA-2003:033
netbsd NetBSD-SA2003-004
osvdb 6599
sunalert 57405
xf zlib-gzprintf-bo(11381)