CVE-2010-0001 pristine-tar

Metadata

medium
6.8
pristine-tar
CVE-2010-0001
2017-12-30 18:03
CVE-2010-0001 klibc
CVE-2010-0001 gzip
CVE-2010-0001 busybox
CVE-2010-0001 ncompress
CVE-2010-0001
2017-12-29 21:05
2017-06-18 07:05
2017-06-16 18:53
2017-04-01 19:11
2017-01-05 20:17

Description

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
stretch pristine-tar
jessie pristine-tar
buster pristine-tar
wheezy pristine-tar
sid pristine-tar