zlib.Compression.Library.DoS
Description
This indicates an attempt to exploit a denial-of-service vulnerability in the zlib compression library.
The vulnerability is caused by improper error handling in zlib's "inflate()" and "inflateBack()" functions.
Affected Products
zlib zlib 1.2.1
zlib zlib 1.2.0.7
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SCO Unixware 7.1.4
SCO Unixware 7.1.3 up
SCO Unixware 7.1.3
SCO Unixware 7.1.2
SCO Unixware 7.1.1
SCO Unixware 7.1
SCO Unixware 7.0.1
SCO Unixware 7.0
SCO Open Server 6.0
SCO Open Server 5.0.7
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
RedHat Fedora Core2
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG 2.0
OpenPKG OpenPKG Current
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD -current
MandrakeSoft Linux Mandrake 10.0 AMD64
MandrakeSoft Linux Mandrake 10.0
MacSSH MacSSH 2.1 fc3
MacSFTP MacSFTP 1.0.6
libpng libpng3 1.2.6
libpng libpng 1.0.16
FileZilla FileZilla Server 0.7.1
FileZilla FileZilla Server 0.7
CVS CVS 1.12.12
Avaya Intuity R5 R5.1.46
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Upgrade to the latest version of zlib (1.2.2 or later), available from the zlib Web site.
http://www.zlib.net/
Coverage
IPS (Regular DB)
IPS (Extended DB)