Unknown
CVE-2009-1391
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- paul marquess
Products
- compress-raw-zlib perl module,
- compress-raw-zlib perl module 2.001,
- compress-raw-zlib perl module 2.002,
- compress-raw-zlib perl module 2.003,
- compress-raw-zlib perl module 2.004,
- compress-raw-zlib perl module 2.005,
- compress-raw-zlib perl module 2.006,
- compress-raw-zlib perl module 2.008,
- compress-raw-zlib perl module 2.009,
- compress-raw-zlib perl module 2.010,
- compress-raw-zlib perl module 2.011,
- compress-raw-zlib perl module 2.012,
- compress-raw-zlib perl module 2.014
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
