CVE-2003-0107
Published 2003-03-07
Priority P3 · 38 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 25.54% · 97.7th percentile
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zlib | < zlib 1:1.1.4-10 (bookworm) | zlib 1:1.1.4-10 (bookworm) |
| zlib | zlib | — | — |
| zlib | zlib | >= 0 < 1:1.1.4-10 | 1:1.1.4-10 |
| zlib | zlib | >= 0 < 1:1.1.4-10 | 1:1.1.4-10 |
| zlib | zlib | >= 0 < 1:1.1.4-10 | 1:1.1.4-10 |
| zlib | zlib | >= 0 < 1:1.1.4-10 | 1:1.1.4-10 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
GHSA
GHSA-c9pj-8qx8-ccrw: Buffer overflow in the gzprintf function in zlib 1
ghsa_unreviewed·2022-05-03
OSV
CVE-2003-0107: Buffer overflow in the gzprintf function in zlib 1
osv·2003-03-07·CVSS 7.5
Red Hat
security flaw
vendor_redhat·2003-02-22·CVSS 7.5
Debian
CVE-2003-0107: zlib - Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled wi...
vendor_debian·2003·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1:1.1.4-10)
bullseye: resolved (fixed in 1:1.1.4-10)
forky: resolved (fixed in 1:1.1.4-10)
sid: resolved (fixed in 1:1.1.4-10)
trixie: resolved (fixed in 1:1.1.4-10)
No detection rules found.
Exploit-DB
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (1)
exploitdb·2003-02-23
---
// source: https://www.securityfocus.com/bid/6913/info
A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf()' by an internal Zlib function, an attacker can cause memory to become corrupted. This buffer overrun occurs because the software fails to check the boundaries of user-supplied data given to the 'gzprintf()' function.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary instructions.
Note that only Zlib 1.1.4 has been reported vulnerable to this issue. It is not yet known whether earlier versions are also affected.
#include
#include
#include
int main(void) {
gzFile f;
int ret;
if(!(f = gzopen("/dev/null", "w"))) {
p
Exploit-DB
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2)
exploitdb·2003-02-23
C local exploit for zlib
#include
#include
int main(int argc, char **argv) {
char shell[]=
"\x90\x90\x
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
http://jvn.jp/en/jp/JVN78689801/index.html
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://marc.info/?l=bugtraq&m=104610337726297&w=2
http://marc.info/?l=bugtraq&m=104610536129508&w=2
http://marc.info/?l=bugtraq&m=104620610427210&w=2
http://marc.info/?l=bugtraq&m=104887247624907&w=2
http://online.securityfocus.com/archive/1/312869
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
http://www.iss.net/security_center/static/11381.php
http://www.kb.cert.org/vuls/id/142121
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
http://www.osvdb.org/6599
http://www.redhat.com/support/errata/RHSA-2003-079.html
http://www.redhat.com/support/errata/RHSA-2003-081.html
http://www.securityfocus.com/bid/6913