zlib vulnerability affects erlang

Matthias Lang matthias@REDACTED
Mon Mar 11 23:55:51 CET 2002


I swiped this from the debian security mailing list. It appears to affect
Erlang, since Erlang includes the vulnerable version of zlib;
certainly open source R8B-0 does. See also


Seems pretty far-fetched that someone could come up with an exploit
for this, though; there are fatter fish to fry.


Debian Security Advisory DSA 122-1                     security@REDACTED
http://www.debian.org/security/                              Michael Stone
March 11th, 2002

Package        : zlib, various
Vulnerability  : malloc error (double free)
Problem-Type   : potential remote root
Debian-specific: no

The compression library zlib has a flaw in which it attempts to free
memory more than once under certain conditions. This can possibly be
exploited to run arbitrary code in a program that includes zlib. If a
network application running as root is linked to zlib, this could
potentially lead to a remote root compromise. No exploits are known at
this time. This vulnerability is assigned the CVE candidate name of
