FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zlib -- buffer overflow vulnerability

Affected packages
zsync < 0.4.1
5.4 <= FreeBSD < 5.4_4
5.3 <= FreeBSD < 5.3_18

Details

VuXML ID: 8efe93e2-ee62-11d9-8310-0001020eed82
Discovery: 2005-07-06
Entry: 2005-07-06
Modified: 2005-10-01

Problem Description

An error in the handling of corrupt compressed data streams can result in a buffer being overflowed.

Impact

By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or it may result in the attacker gaining elevated privileges.

References

CVE Name: CVE-2005-2096
FreeBSD Advisory: SA-05:16.zlib