ID CVE-2009-1884
Summary Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
References
Vulnerable Configurations
  • cpe:2.3:a:bzip:compress-raw-bzip2:*:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_10:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_12:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_14:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.01:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.02:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.03:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.05:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.06:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.08:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.0.09:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.010:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.011:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.012:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.014:*:*:*:*:*:*:*
  • cpe:2.3:a:bzip:compress-raw-bzip2:2.015:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-02-2023 - 01:17)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 36082
confirm
fedora
  • FEDORA-2009-8868
  • FEDORA-2009-8888
gentoo GLSA-200908-07
secunia
  • 36386
  • 36415
xf compressrawbzip2-bzinflate-dos(52628)
Last major update 13-02-2023 - 01:17
Published 19-08-2009 - 17:30
Last modified 13-02-2023 - 01:17