CVE-2009-1391 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-1391 Interim 1 9 2022-10-15T18:17:10Z current 2021-05-30T12:46:54Z 2022-10-15T18:17:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-1391 Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html E-Mail link for SUSE-SR:2009:012 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 perl-32bit-5.10.0-64.43.1 perl-5.10.0-64.43.1 perl-base-5.10.0-64.43.1 perl-doc-5.10.0-64.43.1 perl-x86-5.10.0-64.43.1 perl-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server 11 perl-32bit-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server 11 perl-base-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server 11 perl-doc-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server 11 perl-x86-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server 11 perl-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 perl-32bit-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 perl-base-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 perl-doc-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 perl-x86-5.10.0-64.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. CVE-2009-1391 SUSE Linux Enterprise Server 11:perl-5.10.0-64.43.1 SUSE Linux Enterprise Server 11:perl-32bit-5.10.0-64.43.1 SUSE Linux Enterprise Server 11:perl-base-5.10.0-64.43.1 SUSE Linux Enterprise Server 11:perl-doc-5.10.0-64.43.1 SUSE Linux Enterprise Server 11:perl-x86-5.10.0-64.43.1 SUSE Linux Enterprise Server for SAP Applications 11:perl-5.10.0-64.43.1 SUSE Linux Enterprise Server for SAP Applications 11:perl-32bit-5.10.0-64.43.1 SUSE Linux Enterprise Server for SAP Applications 11:perl-base-5.10.0-64.43.1 SUSE Linux Enterprise Server for SAP Applications 11:perl-doc-5.10.0-64.43.1 SUSE Linux Enterprise Server for SAP Applications 11:perl-x86-5.10.0-64.43.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P