Vulnerabilites related to bzip - bzip2
cve-2011-4089
Vulnerability from cvelistv5
Published
2014-04-16 18:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2011/Oct/804 | mailing-list, x_refsource_FULLDISC | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1308-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.exploit-db.com/exploits/18147 | exploit, x_refsource_EXPLOIT-DB | |
http://www.openwall.com/lists/oss-security/2011/10/28/16 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20111025 Re: Symlink vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2011/Oct/804", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862", }, { name: "USN-1308-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1308-1", }, { name: "18147", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/18147", }, { name: "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary file", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/10/28/16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-07-06T00:00:00", descriptions: [ { lang: "en", value: "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-04-16T17:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "20111025 Re: Symlink vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2011/Oct/804", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862", }, { name: "USN-1308-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1308-1", }, { name: "18147", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/18147", }, { name: "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary file", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/10/28/16", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4089", datePublished: "2014-04-16T18:00:00", dateReserved: "2011-10-18T00:00:00", dateUpdated: "2024-08-06T23:53:32.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3189
Vulnerability from cvelistv5
Published
2016-06-30 17:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/20/1", }, { name: "1036132", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036132", }, { name: "91297", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91297", }, { name: "GLSA-201708-08", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201708-08", }, { name: "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { name: "USN-4038-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4038-2/", }, { name: "USN-4038-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4038-1/", }, { name: "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { name: "FreeBSD-SA-19:18", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { name: "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { name: "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { name: "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-20T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-29T06:06:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/20/1", }, { name: "1036132", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036132", }, { name: "91297", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91297", }, { name: "GLSA-201708-08", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201708-08", }, { name: "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { name: "USN-4038-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4038-2/", }, { name: "USN-4038-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4038-1/", }, { name: "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { name: "FreeBSD-SA-19:18", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { name: "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { name: "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { name: "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3189", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/20/1", }, { name: "1036132", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036132", }, { name: "91297", refsource: "BID", url: "http://www.securityfocus.com/bid/91297", }, { name: "GLSA-201708-08", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201708-08", }, { name: "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { name: "USN-4038-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4038-2/", }, { name: "USN-4038-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4038-1/", }, { name: "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/22", }, { name: "FreeBSD-SA-19:18", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { name: "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/4", }, { name: "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3@%3Cjira.kafka.apache.org%3E", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", }, { name: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { name: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { name: "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203@%3Cjira.kafka.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3189", datePublished: "2016-06-30T17:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:57.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0405
Vulnerability from cvelistv5
Published
2010-09-28 17:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:45:12.275Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-986-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-986-3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3", }, { name: "FEDORA-2010-17439", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html", }, { name: "USN-986-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-986-1", }, { name: "USN-986-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-986-2", }, { name: "41452", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41452", }, { name: "42404", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42404", }, { name: "48378", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48378", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230", }, { name: "ADV-2010-3073", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/3073", }, { name: "ADV-2010-2455", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/2455", }, { name: "APPLE-SA-2011-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "42530", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42530", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231", }, { name: "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=oss-security&m=128506868510655&w=2", }, { name: "42529", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42529", }, { name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded", }, { name: "41505", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41505", }, { name: "ADV-2010-3052", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/3052", }, { name: "RHSA-2010:0703", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0703.html", }, { name: "RHSA-2010:0858", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0858.html", }, { name: "FEDORA-2010-1512", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow", }, { name: "42405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42405", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=627882", }, { name: "ADV-2010-3126", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/3126", }, { name: "GLSA-201301-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201301-05.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.bzip.org/", }, { name: "ADV-2010-3127", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/3127", }, { name: "ADV-2010-3043", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/3043", }, { name: "SUSE-SR:2010:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html", }, { name: "42350", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42350", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT4581", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-09-21T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-986-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-986-3", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3", }, { name: "FEDORA-2010-17439", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html", }, { name: "USN-986-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-986-1", }, { name: "USN-986-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-986-2", }, { name: "41452", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41452", }, { name: "42404", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42404", }, { name: "48378", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48378", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230", }, { name: "ADV-2010-3073", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/3073", }, { name: "ADV-2010-2455", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/2455", }, { name: "APPLE-SA-2011-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "42530", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42530", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231", }, { name: "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=oss-security&m=128506868510655&w=2", }, { name: "42529", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42529", }, { name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded", }, { name: "41505", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41505", }, { name: "ADV-2010-3052", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/3052", }, { name: "RHSA-2010:0703", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0703.html", }, { name: "RHSA-2010:0858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0858.html", }, { name: "FEDORA-2010-1512", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow", }, { name: "42405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42405", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=627882", }, { name: "ADV-2010-3126", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/3126", }, { name: "GLSA-201301-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201301-05.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.bzip.org/", }, { name: "ADV-2010-3127", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/3127", }, { name: "ADV-2010-3043", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/3043", }, { name: "SUSE-SR:2010:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html", }, { name: "42350", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42350", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT4581", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-0405", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-986-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-986-3", }, { name: "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3", refsource: "CONFIRM", url: "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3", }, { name: "FEDORA-2010-17439", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html", }, { name: "USN-986-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-986-1", }, { name: "USN-986-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-986-2", }, { name: "41452", refsource: "SECUNIA", url: "http://secunia.com/advisories/41452", }, { name: "42404", refsource: "SECUNIA", url: "http://secunia.com/advisories/42404", }, { name: "48378", refsource: "SECUNIA", url: "http://secunia.com/advisories/48378", }, { name: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230", refsource: "CONFIRM", url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230", }, { name: "ADV-2010-3073", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/3073", }, { name: "ADV-2010-2455", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/2455", }, { name: "APPLE-SA-2011-03-21-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "42530", refsource: "SECUNIA", url: "http://secunia.com/advisories/42530", }, { name: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231", refsource: "CONFIRM", url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231", }, { name: "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow", refsource: "MLIST", url: "http://marc.info/?l=oss-security&m=128506868510655&w=2", }, { name: "42529", refsource: "SECUNIA", url: "http://secunia.com/advisories/42529", }, { name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded", }, { name: "41505", refsource: "SECUNIA", url: "http://secunia.com/advisories/41505", }, { name: "ADV-2010-3052", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/3052", }, { name: "RHSA-2010:0703", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2010-0703.html", }, { name: "RHSA-2010:0858", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2010-0858.html", }, { name: "FEDORA-2010-1512", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html", }, { name: "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow", refsource: "CONFIRM", url: "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow", }, { name: "42405", refsource: "SECUNIA", url: "http://secunia.com/advisories/42405", }, { name: "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/", refsource: "CONFIRM", url: "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=627882", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=627882", }, { name: "ADV-2010-3126", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/3126", }, { name: "GLSA-201301-05", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201301-05.xml", }, { name: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", }, { name: "http://www.bzip.org/", refsource: "CONFIRM", url: "http://www.bzip.org/", }, { name: "ADV-2010-3127", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/3127", }, { name: "ADV-2010-3043", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/3043", }, { name: "SUSE-SR:2010:018", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html", }, { name: "42350", refsource: "SECUNIA", url: "http://secunia.com/advisories/42350", }, { name: "http://support.apple.com/kb/HT4581", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT4581", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-0405", datePublished: "2010-09-28T17:00:00", dateReserved: "2010-01-27T00:00:00", dateUpdated: "2024-08-07T00:45:12.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0953
Vulnerability from cvelistv5
Published
2005-04-03 05:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:28:29.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:1154", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154", }, { name: "FLSA:158801", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { name: "26444", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/26444", }, { name: "NetBSD-SA2008-004", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { name: "bzip2-toctou-symlink(19926)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926", }, { name: "DSA-730", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-730", }, { name: "OpenPKG-SA-2007.002", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html", }, { name: "oval:org.mitre.oval:def:10902", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902", }, { name: "27274", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27274", }, { name: "20070109 rPSA-2007-0004-1 bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/456430/30/8730/threaded", }, { name: "200191", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { name: "APPLE-SA-2007-11-14", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=307041", }, { name: "ADV-2007-3525", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3525", }, { name: "ADV-2007-3868", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3868", }, { name: "29940", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29940", }, { name: "20060301-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { name: "27643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27643", }, { name: "12954", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12954", }, { name: "19183", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19183", }, { name: "MDKSA-2006:026", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026", }, { name: "RHSA-2005:474", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { name: "TA07-319A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { name: "20050330 bzip2 TOCTOU file-permissions vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=111229375217633&w=2", }, { name: "103118", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-03-30T00:00:00", descriptions: [ { lang: "en", value: "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-19T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:1154", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154", }, { name: "FLSA:158801", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { name: "26444", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/26444", }, { name: "NetBSD-SA2008-004", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { name: "bzip2-toctou-symlink(19926)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926", }, { name: "DSA-730", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-730", }, { name: "OpenPKG-SA-2007.002", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html", }, { name: "oval:org.mitre.oval:def:10902", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902", }, { name: "27274", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27274", }, { name: "20070109 rPSA-2007-0004-1 bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456430/30/8730/threaded", }, { name: "200191", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { name: "APPLE-SA-2007-11-14", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=307041", }, { name: "ADV-2007-3525", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3525", }, { name: "ADV-2007-3868", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3868", }, { name: "29940", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29940", }, { name: "20060301-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { name: "27643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27643", }, { name: "12954", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12954", }, { name: "19183", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19183", }, { name: "MDKSA-2006:026", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026", }, { name: "RHSA-2005:474", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { name: "TA07-319A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { name: "20050330 bzip2 TOCTOU file-permissions vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=111229375217633&w=2", }, { name: "103118", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0953", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:1154", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154", }, { name: "FLSA:158801", refsource: "FEDORA", url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { name: "26444", refsource: "BID", url: "http://www.securityfocus.com/bid/26444", }, { name: "NetBSD-SA2008-004", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { name: "bzip2-toctou-symlink(19926)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926", }, { name: "DSA-730", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-730", }, { name: "OpenPKG-SA-2007.002", refsource: "OPENPKG", url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html", }, { name: "oval:org.mitre.oval:def:10902", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902", }, { name: "27274", refsource: "SECUNIA", url: "http://secunia.com/advisories/27274", }, { name: "20070109 rPSA-2007-0004-1 bzip2", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/456430/30/8730/threaded", }, { name: "200191", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { name: "APPLE-SA-2007-11-14", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { name: "http://docs.info.apple.com/article.html?artnum=307041", refsource: "CONFIRM", url: "http://docs.info.apple.com/article.html?artnum=307041", }, { name: "ADV-2007-3525", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/3525", }, { name: "ADV-2007-3868", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/3868", }, { name: "29940", refsource: "SECUNIA", url: "http://secunia.com/advisories/29940", }, { name: "20060301-01-U", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { name: "27643", refsource: "SECUNIA", url: "http://secunia.com/advisories/27643", }, { name: "12954", refsource: "BID", url: "http://www.securityfocus.com/bid/12954", }, { name: "19183", refsource: "SECUNIA", url: "http://secunia.com/advisories/19183", }, { name: "MDKSA-2006:026", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026", }, { name: "RHSA-2005:474", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { name: "TA07-319A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { name: "20050330 bzip2 TOCTOU file-permissions vulnerability", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=111229375217633&w=2", }, { name: "103118", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0953", datePublished: "2005-04-03T05:00:00", dateReserved: "2005-04-03T00:00:00", dateUpdated: "2024-08-07T21:28:29.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12900
Vulnerability from cvelistv5
Published
2019-06-19 22:07
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:32:55.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { name: "USN-4038-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4038-2/", }, { name: "USN-4038-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4038-1/", }, { name: "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { name: "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html", }, { name: "openSUSE-SU-2019:1781", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html", }, { name: "FreeBSD-SA-19:18", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { name: "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { name: "openSUSE-SU-2019:1918", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html", }, { name: "USN-4146-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4146-1/", }, { name: "USN-4146-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4146-2/", }, { name: "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html", }, { name: "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html", }, { name: "openSUSE-SU-2019:2595", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", }, { name: "openSUSE-SU-2019:2597", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-17T13:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { name: "USN-4038-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4038-2/", }, { name: "USN-4038-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4038-1/", }, { name: "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { name: "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html", }, { name: "openSUSE-SU-2019:1781", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html", }, { name: "FreeBSD-SA-19:18", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { name: "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { name: "openSUSE-SU-2019:1918", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html", }, { name: "USN-4146-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4146-1/", }, { name: "USN-4146-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4146-2/", }, { name: "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html", }, { name: "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html", }, { name: "openSUSE-SU-2019:2595", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", }, { name: "openSUSE-SU-2019:2597", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12900", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { name: "USN-4038-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4038-2/", }, { name: "USN-4038-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4038-1/", }, { name: "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/22", }, { name: "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html", }, { name: "openSUSE-SU-2019:1781", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html", }, { name: "FreeBSD-SA-19:18", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { name: "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/4", }, { name: "openSUSE-SU-2019:1918", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html", }, { name: "USN-4146-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4146-1/", }, { name: "USN-4146-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4146-2/", }, { name: "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html", }, { name: "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html", }, { name: "openSUSE-SU-2019:2595", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", }, { name: "openSUSE-SU-2019:2597", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { name: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { name: "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", refsource: "MISC", url: "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", }, { name: "https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS", }, { name: "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12900", datePublished: "2019-06-19T22:07:57", dateReserved: "2019-06-19T00:00:00", dateUpdated: "2024-08-04T23:32:55.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1372
Vulnerability from cvelistv5
Published
2008-03-18 21:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:17:34.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3757", }, { name: "bzip2-archives-code-execution(41249)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249", }, { name: "SUSE-SR:2008:011", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.bzip.org/CHANGES", }, { name: "241786", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1", }, { name: "36096", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36096", }, { name: "FEDORA-2008-2970", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html", }, { name: "NetBSD-SA2008-004", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { name: "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/498863/100/0/threaded", }, { name: "ADV-2008-2557", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2557", }, { name: "31878", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31878", }, { name: "SSA:2008-098-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", }, { name: "31869", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31869", }, { name: "1020867", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020867", }, { name: "RHSA-2008:0893", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0893.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.vmware.com/kb/1007504", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", }, { name: "APPLE-SA-2009-08-05-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", }, { name: "VU#813451", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/813451", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.vmware.com/kb/1007198", }, { name: "GLSA-200804-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml", }, { name: "FEDORA-2008-3037", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.vmware.com/kb/1006982", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ipcop.org/index.php?name=News&file=article&sid=40", }, { name: "29656", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29656", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", }, { name: "29475", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29475", }, { name: "29698", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29698", }, { name: "29497", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29497", }, { name: "29940", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29940", }, { name: "20080321 rPSA-2008-0118-1 bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489968/100/0/threaded", }, { name: "oval:org.mitre.oval:def:6467", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467", }, { name: "oval:org.mitre.oval:def:10067", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067", }, { name: "GLSA-200903-40", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200903-40.xml", }, { name: "31204", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31204", }, { name: "USN-590-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/590-1/", }, { name: "MDVSA-2008:075", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075", }, { name: "ADV-2008-0915", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0915", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", }, { name: "29506", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29506", }, { name: "ADV-2009-2172", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2172", }, { name: "TA09-218A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", }, { name: "28286", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28286", }, { name: "29410", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29410", }, { name: "29677", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29677", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-17T00:00:00", descriptions: [ { lang: "en", value: "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3757", }, { name: "bzip2-archives-code-execution(41249)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249", }, { name: "SUSE-SR:2008:011", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.bzip.org/CHANGES", }, { name: "241786", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1", }, { name: "36096", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36096", }, { name: "FEDORA-2008-2970", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html", }, { name: "NetBSD-SA2008-004", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { name: "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/498863/100/0/threaded", }, { name: "ADV-2008-2557", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2557", }, { name: "31878", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31878", }, { name: "SSA:2008-098-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", }, { name: "31869", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31869", }, { name: "1020867", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020867", }, { name: "RHSA-2008:0893", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0893.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.vmware.com/kb/1007504", }, { tags: [ "x_refsource_MISC", ], url: "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", }, { name: "APPLE-SA-2009-08-05-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", }, { name: "VU#813451", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/813451", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.vmware.com/kb/1007198", }, { name: "GLSA-200804-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml", }, { name: "FEDORA-2008-3037", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.vmware.com/kb/1006982", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ipcop.org/index.php?name=News&file=article&sid=40", }, { name: "29656", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29656", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", }, { name: "29475", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29475", }, { name: "29698", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29698", }, { name: "29497", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29497", }, { name: "29940", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29940", }, { name: "20080321 rPSA-2008-0118-1 bzip2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489968/100/0/threaded", }, { name: "oval:org.mitre.oval:def:6467", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467", }, { name: "oval:org.mitre.oval:def:10067", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067", }, { name: "GLSA-200903-40", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200903-40.xml", }, { name: "31204", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31204", }, { name: "USN-590-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/590-1/", }, { name: "MDVSA-2008:075", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075", }, { name: "ADV-2008-0915", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0915", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", }, { name: "29506", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29506", }, { name: "ADV-2009-2172", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2172", }, { name: "TA09-218A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", }, { name: "28286", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28286", }, { name: "29410", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29410", }, { name: "29677", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29677", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1372", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.apple.com/kb/HT3757", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3757", }, { name: "bzip2-archives-code-execution(41249)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249", }, { name: "SUSE-SR:2008:011", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", }, { name: "http://www.bzip.org/CHANGES", refsource: "CONFIRM", url: "http://www.bzip.org/CHANGES", }, { name: "241786", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1", }, { name: "36096", refsource: "SECUNIA", url: "http://secunia.com/advisories/36096", }, { name: "FEDORA-2008-2970", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html", }, { name: "NetBSD-SA2008-004", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { name: "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/498863/100/0/threaded", }, { name: "ADV-2008-2557", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2557", }, { name: "31878", refsource: "SECUNIA", url: "http://secunia.com/advisories/31878", }, { name: "SSA:2008-098-02", refsource: "SLACKWARE", url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", }, { name: "31869", refsource: "SECUNIA", url: "http://secunia.com/advisories/31869", }, { name: "1020867", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020867", }, { name: "RHSA-2008:0893", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0893.html", }, { name: "http://kb.vmware.com/kb/1007504", refsource: "CONFIRM", url: "http://kb.vmware.com/kb/1007504", }, { name: "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", refsource: "MISC", url: "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", }, { name: "APPLE-SA-2009-08-05-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", }, { name: "VU#813451", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/813451", }, { name: "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", refsource: "CONFIRM", url: "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", }, { name: "http://kb.vmware.com/kb/1007198", refsource: "CONFIRM", url: "http://kb.vmware.com/kb/1007198", }, { name: "GLSA-200804-02", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml", }, { name: "FEDORA-2008-3037", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", }, { name: "http://kb.vmware.com/kb/1006982", refsource: "CONFIRM", url: "http://kb.vmware.com/kb/1006982", }, { name: "http://www.ipcop.org/index.php?name=News&file=article&sid=40", refsource: "CONFIRM", url: "http://www.ipcop.org/index.php?name=News&file=article&sid=40", }, { name: "29656", refsource: "SECUNIA", url: "http://secunia.com/advisories/29656", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", }, { name: "29475", refsource: "SECUNIA", url: "http://secunia.com/advisories/29475", }, { name: "29698", refsource: "SECUNIA", url: "http://secunia.com/advisories/29698", }, { name: "29497", refsource: "SECUNIA", url: "http://secunia.com/advisories/29497", }, { name: "29940", refsource: "SECUNIA", url: "http://secunia.com/advisories/29940", }, { name: "20080321 rPSA-2008-0118-1 bzip2", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/489968/100/0/threaded", }, { name: "oval:org.mitre.oval:def:6467", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467", }, { name: "oval:org.mitre.oval:def:10067", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067", }, { name: "GLSA-200903-40", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200903-40.xml", }, { name: "31204", refsource: "SECUNIA", url: "http://secunia.com/advisories/31204", }, { name: "USN-590-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/590-1/", }, { name: "MDVSA-2008:075", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075", }, { name: "ADV-2008-0915", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0915", }, { name: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", refsource: "MISC", url: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", }, { name: "29506", refsource: "SECUNIA", url: "http://secunia.com/advisories/29506", }, { name: "ADV-2009-2172", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2172", }, { name: "TA09-218A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", }, { name: "28286", refsource: "BID", url: "http://www.securityfocus.com/bid/28286", }, { name: "29410", refsource: "SECUNIA", url: "http://secunia.com/advisories/29410", }, { name: "29677", refsource: "SECUNIA", url: "http://secunia.com/advisories/29677", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1372", datePublished: "2008-03-18T21:00:00", dateReserved: "2008-03-18T00:00:00", dateUpdated: "2024-08-07T08:17:34.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0761
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
References
▼ | URL | Tags |
---|---|---|
http://www.iss.net/security_center/static/9128.php | vdb-entry, x_refsource_XF | |
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt | vendor-advisory, x_refsource_CALDERA | |
http://www.securityfocus.com/bid/4776 | vdb-entry, x_refsource_BID | |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc | vendor-advisory, x_refsource_FREEBSD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:03:49.251Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "bzip2-compression-symlink(9128)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9128.php", }, { name: "CSSA-2002-039.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "4776", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4776", }, { name: "FreeBSD-SA-02:25", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-05-20T00:00:00", descriptions: [ { lang: "en", value: "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "bzip2-compression-symlink(9128)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9128.php", }, { name: "CSSA-2002-039.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "4776", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4776", }, { name: "FreeBSD-SA-02:25", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0761", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "bzip2-compression-symlink(9128)", refsource: "XF", url: "http://www.iss.net/security_center/static/9128.php", }, { name: "CSSA-2002-039.0", refsource: "CALDERA", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "4776", refsource: "BID", url: "http://www.securityfocus.com/bid/4776", }, { name: "FreeBSD-SA-02:25", refsource: "FREEBSD", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0761", datePublished: "2003-04-02T05:00:00", dateReserved: "2002-07-25T00:00:00", dateUpdated: "2024-08-08T03:03:49.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0759
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
References
▼ | URL | Tags |
---|---|---|
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt | vendor-advisory, x_refsource_CALDERA | |
http://www.iss.net/security_center/static/9126.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/4774 | vdb-entry, x_refsource_BID | |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc | vendor-advisory, x_refsource_FREEBSD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:03:48.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "CSSA-2002-039.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "bzip2-decompression-file-overwrite(9126)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9126.php", }, { name: "4774", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4774", }, { name: "FreeBSD-SA-02:25", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-05-20T00:00:00", descriptions: [ { lang: "en", value: "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "CSSA-2002-039.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "bzip2-decompression-file-overwrite(9126)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9126.php", }, { name: "4774", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4774", }, { name: "FreeBSD-SA-02:25", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0759", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "CSSA-2002-039.0", refsource: "CALDERA", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "bzip2-decompression-file-overwrite(9126)", refsource: "XF", url: "http://www.iss.net/security_center/static/9126.php", }, { name: "4774", refsource: "BID", url: "http://www.securityfocus.com/bid/4774", }, { name: "FreeBSD-SA-02:25", refsource: "FREEBSD", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0759", datePublished: "2003-04-02T05:00:00", dateReserved: "2002-07-25T00:00:00", dateUpdated: "2024-08-08T03:03:48.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1260
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:44:05.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FLSA:158801", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { name: "USN-127-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/127-1/", }, { name: "13657", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13657", }, { name: "DSA-741", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-741", }, { name: "26444", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/26444", }, { name: "15447", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15447", }, { name: "oval:org.mitre.oval:def:10700", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700", }, { name: "27274", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27274", }, { name: "200191", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { name: "oval:org.mitre.oval:def:749", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749", }, { name: "APPLE-SA-2007-11-14", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=307041", }, { name: "ADV-2007-3525", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3525", }, { name: "ADV-2007-3868", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3868", }, { name: "20060301-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { name: "27643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27643", }, { name: "19183", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19183", }, { name: "RHSA-2005:474", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { name: "TA07-319A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { name: "103118", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-17T00:00:00", descriptions: [ { lang: "en", value: "bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a \"decompression bomb\").", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FLSA:158801", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { name: "USN-127-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/127-1/", }, { name: "13657", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13657", }, { name: "DSA-741", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-741", }, { name: "26444", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/26444", }, { name: "15447", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15447", }, { name: "oval:org.mitre.oval:def:10700", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700", }, { name: "27274", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27274", }, { name: "200191", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { name: "oval:org.mitre.oval:def:749", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749", }, { name: "APPLE-SA-2007-11-14", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=307041", }, { name: "ADV-2007-3525", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3525", }, { name: "ADV-2007-3868", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3868", }, { name: "20060301-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { name: "27643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27643", }, { name: "19183", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19183", }, { name: "RHSA-2005:474", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { name: "TA07-319A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { name: "103118", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1260", datePublished: "2005-05-19T04:00:00", dateReserved: "2005-04-25T00:00:00", dateUpdated: "2024-08-07T21:44:05.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0760
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
References
▼ | URL | Tags |
---|---|---|
http://www.iss.net/security_center/static/9127.php | vdb-entry, x_refsource_XF | |
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt | vendor-advisory, x_refsource_CALDERA | |
http://www.securityfocus.com/bid/4775 | vdb-entry, x_refsource_BID | |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc | vendor-advisory, x_refsource_FREEBSD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:03:47.936Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "bzip2-decompression-race-condition(9127)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9127.php", }, { name: "CSSA-2002-039.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "4775", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4775", }, { name: "FreeBSD-SA-02:25", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-05-20T00:00:00", descriptions: [ { lang: "en", value: "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "bzip2-decompression-race-condition(9127)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9127.php", }, { name: "CSSA-2002-039.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "4775", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4775", }, { name: "FreeBSD-SA-02:25", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "bzip2-decompression-race-condition(9127)", refsource: "XF", url: "http://www.iss.net/security_center/static/9127.php", }, { name: "CSSA-2002-039.0", refsource: "CALDERA", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { name: "4775", refsource: "BID", url: "http://www.securityfocus.com/bid/4775", }, { name: "FreeBSD-SA-02:25", refsource: "FREEBSD", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0760", datePublished: "2003-04-02T05:00:00", dateReserved: "2002-07-25T00:00:00", dateUpdated: "2024-08-08T03:03:47.936Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2014-04-16 18:37
Modified
2024-11-21 01:31
Severity ?
Summary
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*", matchCriteriaId: "6BAD28EC-C503-4E4F-AC65-F8C1C917E314", versionEndIncluding: "1.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C02B0664-E473-4131-8228-96BB5FBC4F7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.", }, { lang: "es", value: "El comando bzexe en bzip2 1.0.5 y anteriores genera ejecutables comprimidos que no manejan debidamente archivos temporales durante extracción, lo que permite a usuarios locales ejecutar código arbitrario mediante la precreación de un directorio temporal.", }, ], id: "CVE-2011-4089", lastModified: "2024-11-21T01:31:49.450", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-04-16T18:37:11.257", references: [ { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2011/Oct/804", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18147", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2011/10/28/16", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.ubuntu.com/usn/USN-1308-1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2011/Oct/804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2011/10/28/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.ubuntu.com/usn/USN-1308-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "325C63C7-740D-42E1-B8B1-51125DE57F61", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", matchCriteriaId: "550690C7-32D0-4126-B272-D2254A2EF434", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", matchCriteriaId: "DFE746CF-6890-4259-A9DB-5F77B592D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", matchCriteriaId: "6C95FE39-842A-45D1-A858-D438C0C15B99", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", matchCriteriaId: "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", matchCriteriaId: "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", matchCriteriaId: "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", matchCriteriaId: "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.", }, { lang: "es", value: "bzip2 anteriores a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, no usan la etiqueta O_EXCL para crear ficheros durante la descomprensión y no alertan al usuario de que un fichero ya existente podría ser sobreescrito, lo cual podría permitir a atacantes remotos la sobreescritura de ficheros mediante un archivo bzip2.", }, ], id: "CVE-2002-0759", lastModified: "2024-11-20T23:39:48.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-08-12T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/9126.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/9126.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4774", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-18 21:44
Modified
2024-11-21 00:44
Severity ?
Summary
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*", matchCriteriaId: "3852E705-516A-4A5E-8095-93DCF8DB15DB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", matchCriteriaId: "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", matchCriteriaId: "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", matchCriteriaId: "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", matchCriteriaId: "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*", matchCriteriaId: "E3992967-645A-45E1-979E-6866B50AA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*", matchCriteriaId: "980AE5B2-11A7-4672-B221-DF660F20667F", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*", matchCriteriaId: "1DC33019-390A-428F-B119-139CA5949AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C02B0664-E473-4131-8228-96BB5FBC4F7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", }, { lang: "es", value: "El archivo bzlib.c en bzip2 versiones anteriores a 1.0.5, permite a los atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo) por medio de un archivo diseñado que activa una lectura excesiva del búfer, como es demostrado por el conjunto de pruebas PROTOS GENOME para Formatos de Archivo.", }, ], id: "CVE-2008-1372", lastModified: "2024-11-21T00:44:23.607", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-18T21:44:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { source: "cve@mitre.org", url: "http://kb.vmware.com/kb/1006982", }, { source: "cve@mitre.org", url: "http://kb.vmware.com/kb/1007198", }, { source: "cve@mitre.org", url: "http://kb.vmware.com/kb/1007504", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29410", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29475", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29497", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29506", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29656", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29677", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29698", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29940", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31204", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31869", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31878", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/36096", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200903-40.xml", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3757", }, { source: "cve@mitre.org", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", }, { source: "cve@mitre.org", url: "http://www.bzip.org/CHANGES", }, { source: "cve@mitre.org", url: "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", }, { source: "cve@mitre.org", url: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml", }, { source: "cve@mitre.org", url: "http://www.ipcop.org/index.php?name=News&file=article&sid=40", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/813451", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0893.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/489968/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/498863/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/28286", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020867", }, { source: "cve@mitre.org", url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/0915", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2557", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/2172", }, { source: "cve@mitre.org", url: "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/590-1/", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.vmware.com/kb/1006982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.vmware.com/kb/1007198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.vmware.com/kb/1007504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29410", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29677", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/36096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200903-40.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3757", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.bzip.org/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ipcop.org/index.php?name=News&file=article&sid=40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/813451", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0893.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/489968/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/498863/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/28286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020867", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2557", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/2172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/590-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior:\nhttp://rhn.redhat.com/errata/RHSA-2008-0893.html", lastModified: "2008-10-17T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-19 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bzip | bzip2 | * | |
canonical | ubuntu_linux | 4.10 | |
canonical | ubuntu_linux | 5.04 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.1 | |
apple | mac_os_x | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*", matchCriteriaId: "B04C92B8-8CEB-428B-BE76-88A8B7EA276B", versionEndExcluding: "1.0.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*", matchCriteriaId: "778A6957-455B-420A-BAAF-E7F88FF4FB1E", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*", matchCriteriaId: "42E47538-08EE-4DC1-AC17-883C44CF77BB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", matchCriteriaId: "2CAE037F-111C-4A76-8FFE-716B74D65EF3", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", matchCriteriaId: "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "A1E0F574-6859-45A6-B160-7DDE92C07CC7", versionEndExcluding: "10.4.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a \"decompression bomb\").", }, ], id: "CVE-2005-1260", lastModified: "2024-11-20T23:56:57.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-19T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://docs.info.apple.com/article.html?artnum=307041", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/15447", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/19183", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/27274", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/27643", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2005/dsa-741", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/13657", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/26444", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2007/3525", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2007/3868", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/127-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://docs.info.apple.com/article.html?artnum=307041", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/15447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/19183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/27274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/27643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2005/dsa-741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/13657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/26444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2007/3525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2007/3868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/127-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-30 17:59
Modified
2024-11-21 02:49
Severity ?
Summary
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF085A82-73A1-464F-B9CE-7601F7938358", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "0F9F989B-EEF4-44E0-8EC5-A6D109CB582A", versionEndExcluding: "3.7.13", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "A92B327D-75B5-4273-A454-428BC194C4A9", versionEndExcluding: "3.8.13", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "1D93AE49-9E53-433F-AB01-A18C81CCEAED", versionEndExcluding: "3.9.11", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "492C0F52-2AE3-427B-87E6-8A2E701F744A", versionEndExcluding: "3.10.3", versionStartIncluding: "3.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación de memoria en bzip2recover en bzip2 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo bzip2 manipulado, relacionado con el establecimiento de extremos de bloque antes del inicio del bloque.", }, ], evaluatorComment: "CWE-416: Use After Free", id: "CVE-2016-3189", lastModified: "2024-11-21T02:49:34.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-30T17:59:01.470", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2016/06/20/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91297", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036132", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201708-08", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2016/06/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201708-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "325C63C7-740D-42E1-B8B1-51125DE57F61", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", matchCriteriaId: "550690C7-32D0-4126-B272-D2254A2EF434", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", matchCriteriaId: "DFE746CF-6890-4259-A9DB-5F77B592D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", matchCriteriaId: "6C95FE39-842A-45D1-A858-D438C0C15B99", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", matchCriteriaId: "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", matchCriteriaId: "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", matchCriteriaId: "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", matchCriteriaId: "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.", }, { lang: "es", value: "Condición de Carrera (Race condition) en bzip2 anteriores a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, descomprime ficheros con permiso de lectura a todo el mundo antes de establecer los permisos especificados en el archivo bzip2, lo cual podría permitir a usuarios locales la lectura de ficheros según estan siendo descomprimidos.", }, ], id: "CVE-2002-0760", lastModified: "2024-11-20T23:39:48.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.2, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-08-12T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/9127.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/9127.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4775", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-19 23:15
Modified
2024-11-21 04:23
Severity ?
Summary
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bzip | bzip2 | * | |
debian | debian_linux | 8.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.2 | |
freebsd | freebsd | 11.3 | |
freebsd | freebsd | 11.3 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
freebsd | freebsd | 12.0 | |
python | python | * | |
python | python | * | |
python | python | * | |
python | python | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*", matchCriteriaId: "F1DF1F35-B07F-44DD-9B74-57B0CA6DC59C", versionEndIncluding: "1.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*", matchCriteriaId: "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", matchCriteriaId: "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*", matchCriteriaId: "0A8A5CDA-E099-47BA-A0C0-2F79C0432156", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*", matchCriteriaId: "9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*", matchCriteriaId: "63721E89-F453-423F-B34B-07B44C85A052", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", matchCriteriaId: "699FE432-8DF0-49F1-A98B-0E19CE01E5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", matchCriteriaId: "20B06752-39EE-4600-AC1F-69FB9C88E2A8", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", matchCriteriaId: "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", matchCriteriaId: "E86CD544-86C4-4D9D-9CE5-087027509EDA", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", matchCriteriaId: "64E47AE7-BB45-428E-90E9-38BFDFF23650", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", matchCriteriaId: "586B9FA3-65A2-41EB-A848-E4A75565F0CA", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*", matchCriteriaId: "1164B48E-2F28-43C5-9B7B-546EAE12E27D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", matchCriteriaId: "F0B15B89-3AD2-4E03-9F47-DA934702187B", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*", matchCriteriaId: "878DF67E-420A-4229-BEA8-DB9F7161ED9A", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", matchCriteriaId: "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", matchCriteriaId: "EA929713-B797-494A-853D-C121D9D69519", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", matchCriteriaId: "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", matchCriteriaId: "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", matchCriteriaId: "E1AD57A9-F53A-4E40-966E-F2F50852C5E4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", matchCriteriaId: "C4029113-130F-4A33-A8A0-BC3E74000378", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*", matchCriteriaId: "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*", matchCriteriaId: "6D71D083-3279-4DF4-91E1-38C373DD062F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*", matchCriteriaId: "882669AB-BCFC-4517-A3E9-33D344F1ED0D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*", matchCriteriaId: "BC3D24FB-50A2-4E37-A479-AF21F8ECD706", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*", matchCriteriaId: "3070787D-76E1-4671-B99D-213F7103B3A2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "0F9F989B-EEF4-44E0-8EC5-A6D109CB582A", versionEndExcluding: "3.7.13", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "A92B327D-75B5-4273-A454-428BC194C4A9", versionEndExcluding: "3.8.13", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "1D93AE49-9E53-433F-AB01-A18C81CCEAED", versionEndExcluding: "3.9.11", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "492C0F52-2AE3-427B-87E6-8A2E701F744A", versionEndExcluding: "3.10.3", versionStartIncluding: "3.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", }, { lang: "es", value: "La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores.", }, ], id: "CVE-2019-12900", lastModified: "2024-11-21T04:23:47.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-19T23:15:09.910", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4146-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4146-2/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4038-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4146-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4146-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-09-28 18:00
Modified
2024-11-21 01:12
Severity ?
Summary
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bzip | bzip2 | * | |
bzip | bzip2 | 0.9 | |
bzip | bzip2 | 0.9.0 | |
bzip | bzip2 | 0.9.0a | |
bzip | bzip2 | 0.9.0b | |
bzip | bzip2 | 0.9.0c | |
bzip | bzip2 | 0.9.5_a | |
bzip | bzip2 | 0.9.5_b | |
bzip | bzip2 | 0.9.5_c | |
bzip | bzip2 | 0.9.5_d | |
bzip | bzip2 | 0.9.5a | |
bzip | bzip2 | 0.9.5b | |
bzip | bzip2 | 0.9.5c | |
bzip | bzip2 | 0.9.5d | |
bzip | bzip2 | 0.9_a | |
bzip | bzip2 | 0.9_b | |
bzip | bzip2 | 0.9_c | |
bzip | bzip2 | 1.0 | |
bzip | bzip2 | 1.0.1 | |
bzip | bzip2 | 1.0.2 | |
bzip | bzip2 | 1.0.3 | |
bzip | bzip2 | 1.0.4 | |
libzip2 | libzip2 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*", matchCriteriaId: "9EDE642C-0199-43BD-8A86-4C01950D3D12", versionEndIncluding: "1.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*", matchCriteriaId: "3852E705-516A-4A5E-8095-93DCF8DB15DB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "325C63C7-740D-42E1-B8B1-51125DE57F61", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", matchCriteriaId: "550690C7-32D0-4126-B272-D2254A2EF434", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", matchCriteriaId: "DFE746CF-6890-4259-A9DB-5F77B592D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", matchCriteriaId: "6C95FE39-842A-45D1-A858-D438C0C15B99", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*", matchCriteriaId: "124E0E58-A7B3-4B3E-BEAD-76073A75A0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*", matchCriteriaId: "6F2C4072-C19D-45E0-9662-030F39BD2295", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*", matchCriteriaId: "E1466AE9-B7E0-449C-BD25-54009833ED93", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*", matchCriteriaId: "DC309293-C48A-4931-9A81-359966C6BB40", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", matchCriteriaId: "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", matchCriteriaId: "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", matchCriteriaId: "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", matchCriteriaId: "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*", matchCriteriaId: "E3992967-645A-45E1-979E-6866B50AA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*", matchCriteriaId: "980AE5B2-11A7-4672-B221-DF660F20667F", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*", matchCriteriaId: "1DC33019-390A-428F-B119-139CA5949AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C02B0664-E473-4131-8228-96BB5FBC4F7F", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "85E9A082-C20B-4BD7-8562-5E391F0205F2", vulnerable: true, }, { criteria: "cpe:2.3:a:libzip2:libzip2:*:*:*:*:*:*:*:*", matchCriteriaId: "CE5990D0-499C-417F-B8C0-4DE8D5253EFD", versionEndIncluding: "1.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.", }, { lang: "es", value: "Desbordamiento de enteros en la función BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de ficheros comprimidos manipulados. \r\n\r\n", }, ], id: "CVE-2010-0405", lastModified: "2024-11-21T01:12:09.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-09-28T18:00:02.340", references: [ { source: "cve@mitre.org", url: "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow", }, { source: "cve@mitre.org", url: "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=oss-security&m=128506868510655&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41452", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/41505", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42350", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42404", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42405", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42529", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42530", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/48378", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-201301-05.xml", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT4581", }, { source: "cve@mitre.org", url: "http://www.bzip.org/", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2010-0703.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2010-0858.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-986-2", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-986-3", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-986-1", }, { source: "cve@mitre.org", url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/2455", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/3043", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/3052", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/3073", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/3126", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/3127", }, { source: "cve@mitre.org", url: "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=627882", }, { source: "cve@mitre.org", url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230", }, { source: "cve@mitre.org", url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=oss-security&m=128506868510655&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/41505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42404", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/48378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-201301-05.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT4581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.bzip.org/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2010-0703.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2010-0858.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-986-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-986-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-986-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/2455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/3043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/3052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/3073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/3126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/3127", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=627882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "325C63C7-740D-42E1-B8B1-51125DE57F61", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", matchCriteriaId: "550690C7-32D0-4126-B272-D2254A2EF434", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", matchCriteriaId: "DFE746CF-6890-4259-A9DB-5F77B592D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", matchCriteriaId: "6C95FE39-842A-45D1-A858-D438C0C15B99", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", matchCriteriaId: "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", matchCriteriaId: "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", matchCriteriaId: "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", matchCriteriaId: "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.", }, { lang: "es", value: "bzip2 anterioes a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, utilizan los permisos de enlaces simbólicos (symbolic links) en lugar de los del archivo actual cuando crea un nuevo fichero, lo cual podría causar que el fichero fuese extraido con unos permisos menos restrictivos de lo que se pretendía.", }, ], id: "CVE-2002-0761", lastModified: "2024-11-20T23:39:48.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-08-12T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/9128.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4776", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/9128.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4776", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*", matchCriteriaId: "3852E705-516A-4A5E-8095-93DCF8DB15DB", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*", matchCriteriaId: "124E0E58-A7B3-4B3E-BEAD-76073A75A0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*", matchCriteriaId: "6F2C4072-C19D-45E0-9662-030F39BD2295", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*", matchCriteriaId: "E1466AE9-B7E0-449C-BD25-54009833ED93", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*", matchCriteriaId: "DC309293-C48A-4931-9A81-359966C6BB40", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*", matchCriteriaId: "E3992967-645A-45E1-979E-6866B50AA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*", matchCriteriaId: "980AE5B2-11A7-4672-B221-DF660F20667F", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*", matchCriteriaId: "1DC33019-390A-428F-B119-139CA5949AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E55F00B1-D48B-40A6-872F-959598D7E6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.", }, ], id: "CVE-2005-0953", lastModified: "2024-11-20T23:56:15.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.7, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { source: "cve@mitre.org", url: "http://docs.info.apple.com/article.html?artnum=307041", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=111229375217633&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/19183", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27274", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27643", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29940", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.debian.org/security/2005/dsa-730", }, { source: "cve@mitre.org", url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026", }, { source: "cve@mitre.org", url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/456430/30/8730/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12954", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/26444", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/3525", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/3868", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://docs.info.apple.com/article.html?artnum=307041", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=111229375217633&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.debian.org/security/2005/dsa-730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-474.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/456430/30/8730/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/26444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/3525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/3868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }