Bug 2850 – Zlib Compression Library gzprintf() Buffer Overrun Vulnerability

Bug 2850 - Zlib Compression Library gzprintf() Buffer Overrun Vulnerability

Summary:

Zlib Compression Library gzprintf() Buffer Overrun Vulnerability

Status:	CLOSED FIXED

Product:	Security
Classification:	Unclassified
Component:	General / Other Security Issue
Version:	unspecified
Platform:	All other

Importance:	P1 normal
Assigned To:	Seth Woolley

URL:	http://www.securityfocus.com/bid/6913...

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2003-03-19 08:34 UTC by shivaken
Modified:	2003-10-19 23:11 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description shivaken 2003-03-19 08:34:18 UTC

Zlib Compression Library gzprintf() Buffer Overrun Vulnerability is found. 
see http://www.securityfocus.com/bid/6913/ 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107 
 
Patch is at 
http://www.securityfocus.com/data/vulnerabilities/patches/zlib-1.1.4-3-vsnprintf.patch

Comment 1 erics 2003-06-02 03:21:22 UTC

Time to take care of this? 
 
Eric

Comment 2 Seth Woolley 2003-06-02 04:42:59 UTC

I forgot to resolve this one fixed as well... patch is already in :)  Same day
the bug report was opened as well.

*makes mental note for next time to close these*

Comment 3 games 2003-10-19 21:58:25 UTC

I am guessing all of these could really be closed ?

Comment 4 games 2003-10-19 23:11:28 UTC

if any of these still have issues outstanding then they can be reopened, but
most  have just been overlooked/forgotten
("these" refers to the 611 fixed but not closed bugs I just found in our database)