CVE-2009-2624 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2009-2624

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

Published: Jan 29, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-2624
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
gnu / gzip	1.3.1	1.3.1.x
gnu / gzip	1.3.8	1.3.8.x
gnu / gzip	-	1.3.12.x
gnu / gzip	1.3	1.3.x
gnu / gzip	1.3.3	1.3.3.x
gnu / gzip	1.3.11	1.3.11.x
gnu / gzip	1.3.6	1.3.6.x
gnu / gzip	1.3.2	1.3.2.x
gnu / gzip	1.2.4	1.2.4.x
gnu / gzip	1.3.10	1.3.10.x
gnu / gzip	1.3.5	1.3.5.x
gnu / gzip	1.3.7	1.3.7.x
gnu / gzip	1.2.4a	1.2.4a.x
gnu / gzip	1.3.9	1.3.9.x
gnu / gzip	1.3.4	1.3.4.x