Notes |
+ |
This bug was introduced in zlib v1.2.2.2 through zlib v1.2.11, with the addition of the Z_FIXED option, which forces the use of fixed Huffman codes, rather than dynamic Huffman codes, allowing for a simpler decoder for special applications. |
+ |
|
+ |
This bug is difficult to trigger, as Z_FIXED is usually only used in special circumstances. |
+ |
|
+ |
Rsync does the compression in-transit using zlib. As rsync uses vulnerable zlib v1.2.8 package, which incorrectly handles memory when performing certain zlib compressing or deflating operations. This results in rsync to crash. |
|