Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0107Improper Restriction of Operations within the Bounds of a Memory Buffer in Zlib

8 documents7 sources
Severity
7.5HIGHNVD
EPSS
35.6%
top 2.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
ZlibDebian Zlib
Timeline
PublishedMar 7
Latest updateMay 3

Description

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/zlib< zlib 1:1.1.4-10 (bookworm)
Debianzlib/zlib< 1:1.1.4-10+3
NVDzlib/zlib1.1.4

🔴Vulnerability Details

2
GHSA
GHSA-c9pj-8qx8-ccrw: Buffer overflow in the gzprintf function in zlib 12022-05-03
OSV
CVE-2003-0107: Buffer overflow in the gzprintf function in zlib 12003-03-07

💥Exploits & PoCs

2
Exploit-DB
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (1)2003-02-23
Exploit-DB
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2)2003-02-23

📋Vendor Advisories

2
Red Hat
security flaw2003-02-22
Debian
CVE-2003-0107: zlib - Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled wi...2003

💬Community

1
Bugzilla
CVE-2003-0107 security flaw2018-08-16