CVE-2009-1391
EPSS 18.4%
Description
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
How to fix CVE-2009-1391
To remediate CVE-2009-1391, upgrade the affected package to one of the fixed versions listed below.
- Debian/libcompress-raw-zlib-perl: upgrade to 2.015-2 or later
- Debian/perl: upgrade to 5.10.0-23 or later (the bundled Compress::Raw::Zlib)
Is CVE-2009-1391 being exploited?
Moderate: EPSS is 18.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/libcompress-raw-zlib-perl: from 0, < 2.015-2
- Debian/perl: from 0, < 5.10.0-23