CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Severity: UNKNOWN
AV:N/AC:M/Au:N/C:P/I:P/A:P
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Vendor  Product  Version
gnu     gzip     𝑥 ≤ 1.3.13
gnu     gzip     1.2.4
gnu     gzip     1.2.4a
gnu     gzip     1.3
gnu     gzip     1.3.1
gnu     gzip     1.3.2
gnu     gzip     1.3.3
gnu     gzip     1.3.4
gnu     gzip     1.3.5
gnu     gzip     1.3.6
gnu     gzip     1.3.7
gnu     gzip     1.3.8
gnu     gzip     1.3.9
gnu     gzip     1.3.10
gnu     gzip     1.3.11
gnu     gzip     1.3.12
𝑥 = Vulnerable software versions
Debian Releases
Debian Product  Codename
busybox         bullseye             1:1.30.1-6       fixed
busybox         bookworm             1:1.35.0-4       fixed
busybox         sid                  1:1.37.0-4       fixed
busybox         trixie               1:1.37.0-4       fixed
gzip            bullseye (security)  1.10-4+deb11u1   fixed
gzip            bullseye             1.10-4+deb11u1   fixed
gzip            bookworm             1.12-1           fixed
gzip            sid                  1.12-1.1         fixed
gzip            trixie               1.12-1.1         fixed
klibc           bullseye             2.0.8-6.1        fixed
klibc           bookworm             2.0.12-1         fixed
klibc           sid                  2.0.13-4         fixed
klibc           trixie               2.0.13-4         fixed
ncompress       bullseye             4.2.4.6-4        fixed
ncompress       bookworm             4.2.4.6-6        fixed
ncompress       sid                  5.0-2            fixed
ncompress       trixie               5.0-2            fixed
pristine-tar    bullseye             1.49             fixed
pristine-tar    bookworm             1.50             fixed
pristine-tar    sid                  1.50+nmu2        fixed
pristine-tar    trixie               1.50+nmu2        fixed
Ubuntu Releases
Ubuntu Product  Codename
gzip            karmic    Fixed 1.3.12-8ubuntu1.1       released
gzip            jaunty    Fixed 1.3.12-6ubuntu2.9.04.1  released
gzip            intrepid  Fixed 1.3.12-6ubuntu2.8.10.1  released
gzip            hardy     Fixed 1.3.12-3.2ubuntu0.1     released
gzip            dapper    Fixed 1.3.5-12ubuntu0.3       released
Common Weakness Enumeration
References