{"vuid":"VU#142121","idnumber":"142121","name":"zlib \"gzprintf()\" function vulnerable to buffer overflow","keywords":["zlib","gzprintf() function","buffer overflow","long string of characters","#define","Z_PRINTF_BUFSIZE"],"overview":"A buffer overflow exists in one of the functions included with the zlib compression library. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available.","clean_desc":"The zlib website describes zlib as a \"...lossless data-compression library for use on virtually any computer hardware and operating system.\" A buffer overflow exists in the gzprintf function contained within the zlib compression library. For more detailed information, please see Richard Kettlewell's advisory.","impact":"A remote attacker may be able to execute code or cause a denial of service.","resolution":"Apply a vendor patch.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Richard Kettlewell.","author":"This document was written by Ian A Finlay.","public":["http://www.gzip.org/zlib/","http://online.securityfocus.com/bid/6913","http://securityfocus.org/archive/1/312869","http://www.securityfocus.com/archive/1/312869","http://www.iss.net/security_center/static/11381.php","http://secunia.com/advisories/24788","http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=3616065","http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=9916286"],"cveids":["CVE-2003-0107"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-02-25T13:47:22Z","publicdate":"2003-02-22T00:00:00Z","datefirstpublished":"2003-05-23T18:57:14Z","dateupdated":"2008-06-06T17:03:21Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"29.109375","cam_scorecurrentwidelyknown":"29.109375","cam_scorecurrentwidelyknownexploited":"54.421875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":29.109375,"vulnote":null}