Computer Security
[EN] securityvulns.ru no-pyccku


perl DoS
updated since 03.07.2009
Published:20.08.2009
Source:
SecurityVulns ID:10035
Type:library
Threat Level:
5/10
Description:Crash on processing zlib stream via Compress::Raw::Zlib and bzip2 stream in Compress-Raw-Bzip2.
Affected:PERL : perl 5.10
CVE:CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.)
 CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:207 ] perl-Compress-Raw-Bzip2 (20.08.2009)
 documentUBUNTU, [USN-794-1] Perl vulnerability (03.07.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod