    20 vulnerabilities found for bzip2 by bzip

    CVE-2019-12900 (GCVE-0-2019-12900)

    Vulnerability from cvelistv5 – Published: 2019-06-19 22:07 – Updated: 2025-06-09 15:57
    Summary
    BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    https://usn.ubuntu.com/4038-2/ vendor-advisory, x_refsource_UBUNTU
    https://usn.ubuntu.com/4038-1/ vendor-advisory, x_refsource_UBUNTU
    https://seclists.org/bugtraq/2019/Jul/22 mailing-list, x_refsource_BUGTRAQ
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory, x_refsource_FREEBSD
    https://seclists.org/bugtraq/2019/Aug/4 mailing-list, x_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    https://usn.ubuntu.com/4146-1/ vendor-advisory, x_refsource_UBUNTU
    https://usn.ubuntu.com/4146-2/ vendor-advisory, x_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    https://lists.apache.org/thread.html/ra0adb9653c7… mailing-list, x_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    http://packetstormsecurity.com/files/153644/Slack… x_refsource_MISC
    http://packetstormsecurity.com/files/153957/FreeB… x_refsource_MISC
    https://gitlab.com/federicomenaquintero/bzip2/com… x_refsource_MISC
    https://support.f5.com/csp/article/K68713584?utm_… x_refsource_CONFIRM
    https://lists.apache.org/thread.html/rda983056694… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/rce8cd8c30f6… mailing-list, x_refsource_MLIST

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:55.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
              },
              {
                "name": "USN-4038-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-2/"
              },
              {
                "name": "USN-4038-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-1/"
              },
              {
                "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/22"
              },
              {
                "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
              },
              {
                "name": "openSUSE-SU-2019:1781",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
              },
              {
                "name": "FreeBSD-SA-19:18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
              },
              {
                "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/4"
              },
              {
                "name": "openSUSE-SU-2019:1918",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
              },
              {
                "name": "USN-4146-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4146-1/"
              },
              {
                "name": "USN-4146-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4146-2/"
              },
              {
                "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
              },
              {
                "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
              },
              {
                "name": "openSUSE-SU-2019:2595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
              },
              {
                "name": "openSUSE-SU-2019:2597",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
              },
              {
                "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T15:54:12.653578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:57:25.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-17T13:06:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
            },
            {
              "name": "USN-4038-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-2/"
            },
            {
              "name": "USN-4038-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-1/"
            },
            {
              "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/22"
            },
            {
              "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1781",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
            },
            {
              "name": "FreeBSD-SA-19:18",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
            },
            {
              "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/4"
            },
            {
              "name": "openSUSE-SU-2019:1918",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
            },
            {
              "name": "USN-4146-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4146-1/"
            },
            {
              "name": "USN-4146-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4146-2/"
            },
            {
              "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
            },
            {
              "name": "openSUSE-SU-2019:2595",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2019:2597",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
            },
            {
              "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
                },
                {
                  "name": "USN-4038-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-2/"
                },
                {
                  "name": "USN-4038-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-1/"
                },
                {
                  "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/22"
                },
                {
                  "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
                },
                {
                  "name": "openSUSE-SU-2019:1781",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
                },
                {
                  "name": "FreeBSD-SA-19:18",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
                },
                {
                  "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/4"
                },
                {
                  "name": "openSUSE-SU-2019:1918",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
                },
                {
                  "name": "USN-4146-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4146-1/"
                },
                {
                  "name": "USN-4146-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4146-2/"
                },
                {
                  "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
                },
                {
                  "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
                },
                {
                  "name": "openSUSE-SU-2019:2595",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
                },
                {
                  "name": "openSUSE-SU-2019:2597",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
                },
                {
                  "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
                },
                {
                  "name": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
                },
                {
                  "name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12900",
        "datePublished": "2019-06-19T22:07:57.000Z",
        "dateReserved": "2019-06-19T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:57:25.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3189 (GCVE-0-2016-3189)

    Vulnerability from cvelistv5 – Published: 2016-06-30 17:00 – Updated: 2025-06-09 16:01
    Summary
    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2016/06/20/1 mailing-list, x_refsource_MLIST
    http://www.securitytracker.com/id/1036132 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/bid/91297 vdb-entry, x_refsource_BID
    https://security.gentoo.org/glsa/201708-08 vendor-advisory, x_refsource_GENTOO
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    https://usn.ubuntu.com/4038-2/ vendor-advisory, x_refsource_UBUNTU
    https://usn.ubuntu.com/4038-1/ vendor-advisory, x_refsource_UBUNTU
    https://seclists.org/bugtraq/2019/Jul/22 mailing-list, x_refsource_BUGTRAQ
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory, x_refsource_FREEBSD
    https://seclists.org/bugtraq/2019/Aug/4 mailing-list, x_refsource_BUGTRAQ
    https://lists.apache.org/thread.html/redf17d8ad16… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r481cda41fef… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r6e3962fc9f6… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/ra0adb9653c7… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r19b4a70ac52… mailing-list, x_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=1319648 x_refsource_CONFIRM
    http://packetstormsecurity.com/files/153644/Slack… x_refsource_MISC
    http://packetstormsecurity.com/files/153957/FreeB… x_refsource_MISC
    https://lists.apache.org/thread.html/rffebcbeaace… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r5f80cf3ade5… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r4ad2ea01354… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r1dc4c9b3bd5… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r5f7ac2bd631… mailing-list, x_refsource_MLIST
    Date Public
    2016-06-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.965Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1"
              },
              {
                "name": "1036132",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036132"
              },
              {
                "name": "91297",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91297"
              },
              {
                "name": "GLSA-201708-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201708-08"
              },
              {
                "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
              },
              {
                "name": "USN-4038-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-2/"
              },
              {
                "name": "USN-4038-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-1/"
              },
              {
                "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/22"
              },
              {
                "name": "FreeBSD-SA-19:18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
              },
              {
                "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/4"
              },
              {
                "name": "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T15:58:23.497432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T16:01:46.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-29T06:06:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1"
            },
            {
              "name": "1036132",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036132"
            },
            {
              "name": "91297",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91297"
            },
            {
              "name": "GLSA-201708-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201708-08"
            },
            {
              "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
            },
            {
              "name": "USN-4038-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-2/"
            },
            {
              "name": "USN-4038-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-1/"
            },
            {
              "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/22"
            },
            {
              "name": "FreeBSD-SA-19:18",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
            },
            {
              "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/4"
            },
            {
              "name": "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1"
                },
                {
                  "name": "1036132",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036132"
                },
                {
                  "name": "91297",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91297"
                },
                {
                  "name": "GLSA-201708-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201708-08"
                },
                {
                  "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
                },
                {
                  "name": "USN-4038-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-2/"
                },
                {
                  "name": "USN-4038-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-1/"
                },
                {
                  "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/22"
                },
                {
                  "name": "FreeBSD-SA-19:18",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
                },
                {
                  "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/4"
                },
                {
                  "name": "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203@%3Cjira.kafka.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3189",
        "datePublished": "2016-06-30T17:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2025-06-09T16:01:46.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4089 (GCVE-0-2011-4089)

    Vulnerability from cvelistv5 – Published: 2014-04-16 18:00 – Updated: 2024-08-06 23:53
    Summary
    The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2011/Oct/804 mailing-list, x_refsource_FULLDISC
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1308-1 vendor-advisory, x_refsource_UBUNTU
    http://www.exploit-db.com/exploits/18147 exploit, x_refsource_EXPLOIT-DB
    http://www.openwall.com/lists/oss-security/2011/1… mailing-list, x_refsource_MLIST
    Date Public
    2011-07-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:53:32.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111025 Re: Symlink vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2011/Oct/804"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"
              },
              {
                "name": "USN-1308-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1308-1"
              },
              {
                "name": "18147",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18147"
              },
              {
                "name": "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary  file",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/10/28/16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-16T17:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20111025 Re: Symlink vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2011/Oct/804"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"
            },
            {
              "name": "USN-1308-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1308-1"
            },
            {
              "name": "18147",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18147"
            },
            {
              "name": "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary  file",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/10/28/16"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4089",
        "datePublished": "2014-04-16T18:00:00.000Z",
        "dateReserved": "2011-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:53:32.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0405 (GCVE-0-2010-0405)

    Vulnerability from cvelistv5 – Published: 2010-09-28 17:00 – Updated: 2024-08-07 00:45
    Summary
    Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-986-3 vendor-advisory, x_refsource_UBUNTU
    http://git.clamav.net/gitweb?p=clamav-devel.git%3… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
    http://www.ubuntu.com/usn/usn-986-1 vendor-advisory, x_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-986-2 vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/41452 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/42404 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/48378 third-party-advisory, x_refsource_SECUNIA
    https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3073 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2010/2455 vdb-entry, x_refsource_VUPEN
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://secunia.com/advisories/42530 third-party-advisory, x_refsource_SECUNIA
    https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231 x_refsource_CONFIRM
    http://marc.info/?l=oss-security&m=128506868510655&w=2 mailing-list, x_refsource_MLIST
    http://secunia.com/advisories/42529 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/515055/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/41505 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/3052 vdb-entry, x_refsource_VUPEN
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisory, x_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
    http://blogs.sun.com/security/entry/cve_2010_0405… x_refsource_CONFIRM
    http://secunia.com/advisories/42405 third-party-advisory, x_refsource_SECUNIA
    http://xorl.wordpress.com/2010/09/21/cve-2010-040… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=627882 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3126 vdb-entry, x_refsource_VUPEN
    http://security.gentoo.org/glsa/glsa-201301-05.xml vendor-advisory, x_refsource_GENTOO
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.bzip.org/ x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3127 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2010/3043 vdb-entry, x_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/42350 third-party-advisory, x_refsource_SECUNIA
    http://support.apple.com/kb/HT4581 x_refsource_CONFIRM
    Date Public
    2010-09-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:45:12.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-986-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-986-3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3"
              },
              {
                "name": "FEDORA-2010-17439",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
              },
              {
                "name": "USN-986-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-986-1"
              },
              {
                "name": "USN-986-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-986-2"
              },
              {
                "name": "41452",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41452"
              },
              {
                "name": "42404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42404"
              },
              {
                "name": "48378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48378"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
              },
              {
                "name": "ADV-2010-3073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3073"
              },
              {
                "name": "ADV-2010-2455",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2455"
              },
              {
                "name": "APPLE-SA-2011-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
              },
              {
                "name": "42530",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42530"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
              },
              {
                "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
              },
              {
                "name": "42529",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42529"
              },
              {
                "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
              },
              {
                "name": "41505",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41505"
              },
              {
                "name": "ADV-2010-3052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3052"
              },
              {
                "name": "RHSA-2010:0703",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
              },
              {
                "name": "RHSA-2010:0858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
              },
              {
                "name": "FEDORA-2010-1512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
              },
              {
                "name": "42405",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42405"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
              },
              {
                "name": "ADV-2010-3126",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3126"
              },
              {
                "name": "GLSA-201301-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.bzip.org/"
              },
              {
                "name": "ADV-2010-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3127"
              },
              {
                "name": "ADV-2010-3043",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3043"
              },
              {
                "name": "SUSE-SR:2010:018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
              },
              {
                "name": "42350",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42350"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-986-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-986-3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3"
            },
            {
              "name": "FEDORA-2010-17439",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
            },
            {
              "name": "USN-986-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-986-1"
            },
            {
              "name": "USN-986-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-986-2"
            },
            {
              "name": "41452",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41452"
            },
            {
              "name": "42404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42404"
            },
            {
              "name": "48378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48378"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
            },
            {
              "name": "ADV-2010-3073",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3073"
            },
            {
              "name": "ADV-2010-2455",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2455"
            },
            {
              "name": "APPLE-SA-2011-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
            },
            {
              "name": "42530",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42530"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
            },
            {
              "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
            },
            {
              "name": "42529",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42529"
            },
            {
              "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
            },
            {
              "name": "41505",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41505"
            },
            {
              "name": "ADV-2010-3052",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3052"
            },
            {
              "name": "RHSA-2010:0703",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
            },
            {
              "name": "RHSA-2010:0858",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
            },
            {
              "name": "FEDORA-2010-1512",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
            },
            {
              "name": "42405",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42405"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
            },
            {
              "name": "ADV-2010-3126",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3126"
            },
            {
              "name": "GLSA-201301-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.bzip.org/"
            },
            {
              "name": "ADV-2010-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3127"
            },
            {
              "name": "ADV-2010-3043",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3043"
            },
            {
              "name": "SUSE-SR:2010:018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
            },
            {
              "name": "42350",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42350"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4581"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-0405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-986-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-986-3"
                },
                {
                  "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3",
                  "refsource": "CONFIRM",
                  "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3"
                },
                {
                  "name": "FEDORA-2010-17439",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
                },
                {
                  "name": "USN-986-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-986-1"
                },
                {
                  "name": "USN-986-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-986-2"
                },
                {
                  "name": "41452",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41452"
                },
                {
                  "name": "42404",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42404"
                },
                {
                  "name": "48378",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48378"
                },
                {
                  "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230",
                  "refsource": "CONFIRM",
                  "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
                },
                {
                  "name": "ADV-2010-3073",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3073"
                },
                {
                  "name": "ADV-2010-2455",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2455"
                },
                {
                  "name": "APPLE-SA-2011-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
                },
                {
                  "name": "42530",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42530"
                },
                {
                  "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231",
                  "refsource": "CONFIRM",
                  "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
                },
                {
                  "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
                },
                {
                  "name": "42529",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42529"
                },
                {
                  "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
                },
                {
                  "name": "41505",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41505"
                },
                {
                  "name": "ADV-2010-3052",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3052"
                },
                {
                  "name": "RHSA-2010:0703",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
                },
                {
                  "name": "RHSA-2010:0858",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
                },
                {
                  "name": "FEDORA-2010-1512",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
                },
                {
                  "name": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
                },
                {
                  "name": "42405",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42405"
                },
                {
                  "name": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/",
                  "refsource": "CONFIRM",
                  "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627882",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
                },
                {
                  "name": "ADV-2010-3126",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3126"
                },
                {
                  "name": "GLSA-201301-05",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
                },
                {
                  "name": "http://www.bzip.org/",
                  "refsource": "CONFIRM",
                  "url": "http://www.bzip.org/"
                },
                {
                  "name": "ADV-2010-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3127"
                },
                {
                  "name": "ADV-2010-3043",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3043"
                },
                {
                  "name": "SUSE-SR:2010:018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
                },
                {
                  "name": "42350",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42350"
                },
                {
                  "name": "http://support.apple.com/kb/HT4581",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4581"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-0405",
        "datePublished": "2010-09-28T17:00:00.000Z",
        "dateReserved": "2010-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:45:12.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1372 (GCVE-0-2008-1372)

    Vulnerability from cvelistv5 – Published: 2008-03-18 21:00 – Updated: 2024-08-07 08:17
    Summary
    bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://support.apple.com/kb/HT3757 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory x_refsource_SUSE
    http://www.bzip.org/CHANGES x_refsource_CONFIRM
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory x_refsource_SUNALERT
    http://secunia.com/advisories/36096 third-party-advisory x_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory x_refsource_FEDORA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisory x_refsource_NETBSD
    http://www.securityfocus.com/archive/1/498863/100… mailing-list x_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2008/2557 vdb-entry x_refsource_VUPEN
    http://secunia.com/advisories/31878 third-party-advisory x_refsource_SECUNIA
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisory x_refsource_SLACKWARE
    http://secunia.com/advisories/31869 third-party-advisory x_refsource_SECUNIA
    http://www.securitytracker.com/id?1020867 vdb-entry x_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2008-08… vendor-advisory x_refsource_REDHAT
    http://kb.vmware.com/kb/1007504 x_refsource_CONFIRM
    http://www.cert.fi/haavoittuvuudet/joint-advisory… x_refsource_MISC
    http://lists.apple.com/archives/security-announce… vendor-advisory x_refsource_APPLE
    http://www.kb.cert.org/vuls/id/813451 third-party-advisory x_refsource_CERT-VN
    https://bugs.gentoo.org/attachment.cgi?id=146488&… x_refsource_CONFIRM
    http://kb.vmware.com/kb/1007198 x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisory x_refsource_GENTOO
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory x_refsource_FEDORA
    http://kb.vmware.com/kb/1006982 x_refsource_CONFIRM
    http://www.ipcop.org/index.php?name=News&file=art… x_refsource_CONFIRM
    http://secunia.com/advisories/29656 third-party-advisory x_refsource_SECUNIA
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118 x_refsource_CONFIRM
    http://secunia.com/advisories/29475 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/29698 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/29497 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/29940 third-party-advisory x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/489968/100… mailing-list x_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entry signature x_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entry signature x_refsource_OVAL
    http://security.gentoo.org/glsa/glsa-200903-40.xml vendor-advisory x_refsource_GENTOO
    http://secunia.com/advisories/31204 third-party-advisory x_refsource_SECUNIA
    https://usn.ubuntu.com/590-1/ vendor-advisory x_refsource_UBUNTU
    http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/0915 vdb-entry x_refsource_VUPEN
    http://www.ee.oulu.fi/research/ouspg/protos/testi… x_refsource_MISC
    http://secunia.com/advisories/29506 third-party-advisory x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2172 vdb-entry x_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA09-218A.html third-party-advisory x_refsource_CERT
    http://www.securityfocus.com/bid/28286 vdb-entry x_refsource_BID
    http://secunia.com/advisories/29410 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/29677 third-party-advisory x_refsource_SECUNIA
    Date Public
    2008-03-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3757"
              },
              {
                "name": "bzip2-archives-code-execution(41249)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249"
              },
              {
                "name": "SUSE-SR:2008:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.bzip.org/CHANGES"
              },
              {
                "name": "241786",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1"
              },
              {
                "name": "36096",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36096"
              },
              {
                "name": "FEDORA-2008-2970",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html"
              },
              {
                "name": "NetBSD-SA2008-004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
              },
              {
                "name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
              },
              {
                "name": "ADV-2008-2557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2557"
              },
              {
                "name": "31878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31878"
              },
              {
                "name": "SSA:2008-098-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.473263"
              },
              {
                "name": "31869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31869"
              },
              {
                "name": "1020867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020867"
              },
              {
                "name": "RHSA-2008:0893",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0893.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.vmware.com/kb/1007504"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
              },
              {
                "name": "APPLE-SA-2009-08-05-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
              },
              {
                "name": "VU#813451",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/813451"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.vmware.com/kb/1007198"
              },
              {
                "name": "GLSA-200804-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml"
              },
              {
                "name": "FEDORA-2008-3037",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.vmware.com/kb/1006982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
              },
              {
                "name": "29656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29656"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118"
              },
              {
                "name": "29475",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29475"
              },
              {
                "name": "29698",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29698"
              },
              {
                "name": "29497",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29497"
              },
              {
                "name": "29940",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29940"
              },
              {
                "name": "20080321 rPSA-2008-0118-1 bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489968/100/0/threaded"
              },
              {
                "name": "oval:org.mitre.oval:def:6467",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467"
              },
              {
                "name": "oval:org.mitre.oval:def:10067",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"
              },
              {
                "name": "GLSA-200903-40",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200903-40.xml"
              },
              {
                "name": "31204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31204"
              },
              {
                "name": "USN-590-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/590-1/"
              },
              {
                "name": "MDVSA-2008:075",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075"
              },
              {
                "name": "ADV-2008-0915",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0915"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
              },
              {
                "name": "29506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29506"
              },
              {
                "name": "ADV-2009-2172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2172"
              },
              {
                "name": "TA09-218A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
              },
              {
                "name": "28286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28286"
              },
              {
                "name": "29410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29410"
              },
              {
                "name": "29677",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3757"
            },
            {
              "name": "bzip2-archives-code-execution(41249)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249"
            },
            {
              "name": "SUSE-SR:2008:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.bzip.org/CHANGES"
            },
            {
              "name": "241786",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1"
            },
            {
              "name": "36096",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36096"
            },
            {
              "name": "FEDORA-2008-2970",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html"
            },
            {
              "name": "NetBSD-SA2008-004",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
            },
            {
              "name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
            },
            {
              "name": "ADV-2008-2557",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2557"
            },
            {
              "name": "31878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31878"
            },
            {
              "name": "SSA:2008-098-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.473263"
            },
            {
              "name": "31869",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31869"
            },
            {
              "name": "1020867",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020867"
            },
            {
              "name": "RHSA-2008:0893",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0893.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://kb.vmware.com/kb/1007504"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
            },
            {
              "name": "APPLE-SA-2009-08-05-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
            },
            {
              "name": "VU#813451",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/813451"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://kb.vmware.com/kb/1007198"
            },
            {
              "name": "GLSA-200804-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml"
            },
            {
              "name": "FEDORA-2008-3037",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://kb.vmware.com/kb/1006982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
            },
            {
              "name": "29656",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29656"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118"
            },
            {
              "name": "29475",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29475"
            },
            {
              "name": "29698",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29698"
            },
            {
              "name": "29497",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29497"
            },
            {
              "name": "29940",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29940"
            },
            {
              "name": "20080321 rPSA-2008-0118-1 bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489968/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:6467",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467"
            },
            {
              "name": "oval:org.mitre.oval:def:10067",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"
            },
            {
              "name": "GLSA-200903-40",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200903-40.xml"
            },
            {
              "name": "31204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31204"
            },
            {
              "name": "USN-590-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/590-1/"
            },
            {
              "name": "MDVSA-2008:075",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075"
            },
            {
              "name": "ADV-2008-0915",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0915"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
            },
            {
              "name": "29506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29506"
            },
            {
              "name": "ADV-2009-2172",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2172"
            },
            {
              "name": "TA09-218A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
            },
            {
              "name": "28286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28286"
            },
            {
              "name": "29410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29410"
            },
            {
              "name": "29677",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.apple.com/kb/HT3757",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3757"
                },
                {
                  "name": "bzip2-archives-code-execution(41249)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249"
                },
                {
                  "name": "SUSE-SR:2008:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
                },
                {
                  "name": "http://www.bzip.org/CHANGES",
                  "refsource": "CONFIRM",
                  "url": "http://www.bzip.org/CHANGES"
                },
                {
                  "name": "241786",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1"
                },
                {
                  "name": "36096",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36096"
                },
                {
                  "name": "FEDORA-2008-2970",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html"
                },
                {
                  "name": "NetBSD-SA2008-004",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
                },
                {
                  "name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
                },
                {
                  "name": "ADV-2008-2557",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2557"
                },
                {
                  "name": "31878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31878"
                },
                {
                  "name": "SSA:2008-098-02",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.473263"
                },
                {
                  "name": "31869",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31869"
                },
                {
                  "name": "1020867",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020867"
                },
                {
                  "name": "RHSA-2008:0893",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0893.html"
                },
                {
                  "name": "http://kb.vmware.com/kb/1007504",
                  "refsource": "CONFIRM",
                  "url": "http://kb.vmware.com/kb/1007504"
                },
                {
                  "name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html",
                  "refsource": "MISC",
                  "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
                },
                {
                  "name": "APPLE-SA-2009-08-05-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
                },
                {
                  "name": "VU#813451",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/813451"
                },
                {
                  "name": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view"
                },
                {
                  "name": "http://kb.vmware.com/kb/1007198",
                  "refsource": "CONFIRM",
                  "url": "http://kb.vmware.com/kb/1007198"
                },
                {
                  "name": "GLSA-200804-02",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml"
                },
                {
                  "name": "FEDORA-2008-3037",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html"
                },
                {
                  "name": "http://kb.vmware.com/kb/1006982",
                  "refsource": "CONFIRM",
                  "url": "http://kb.vmware.com/kb/1006982"
                },
                {
                  "name": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40",
                  "refsource": "CONFIRM",
                  "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
                },
                {
                  "name": "29656",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29656"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118"
                },
                {
                  "name": "29475",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29475"
                },
                {
                  "name": "29698",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29698"
                },
                {
                  "name": "29497",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29497"
                },
                {
                  "name": "29940",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29940"
                },
                {
                  "name": "20080321 rPSA-2008-0118-1 bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489968/100/0/threaded"
                },
                {
                  "name": "oval:org.mitre.oval:def:6467",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467"
                },
                {
                  "name": "oval:org.mitre.oval:def:10067",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"
                },
                {
                  "name": "GLSA-200903-40",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200903-40.xml"
                },
                {
                  "name": "31204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31204"
                },
                {
                  "name": "USN-590-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/590-1/"
                },
                {
                  "name": "MDVSA-2008:075",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075"
                },
                {
                  "name": "ADV-2008-0915",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0915"
                },
                {
                  "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/",
                  "refsource": "MISC",
                  "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
                },
                {
                  "name": "29506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29506"
                },
                {
                  "name": "ADV-2009-2172",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2172"
                },
                {
                  "name": "TA09-218A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
                },
                {
                  "name": "28286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28286"
                },
                {
                  "name": "29410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29410"
                },
                {
                  "name": "29677",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1372",
        "datePublished": "2008-03-18T21:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1260 (GCVE-0-2005-1260)

    Vulnerability from cvelistv5 – Published: 2005-05-19 04:00 – Updated: 2024-08-07 21:44
    Summary
    bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.fedoralegacy.org/updates/FC2/2005-11-1… | vendor-advisory, x_refsource_FEDORA
    https://usn.ubuntu.com/127-1/ | vendor-advisory, x_refsource_UBUNTU
    http://www.securityfocus.com/bid/13657 | vdb-entry, x_refsource_BID
    http://www.debian.org/security/2005/dsa-741 | vendor-advisory, x_refsource_DEBIAN
    http://www.securityfocus.com/bid/26444 | vdb-entry, x_refsource_BID
    http://secunia.com/advisories/15447 | third-party-advisory, x_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… | vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/27274 | third-party-advisory, x_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisory, x_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… | vdb-entry, signature, x_refsource_OVAL
    http://lists.apple.com/archives/security-announce… | vendor-advisory, x_refsource_APPLE
    http://docs.info.apple.com/article.html?artnum=307041 | x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/3525 | vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2007/3868 | vdb-entry, x_refsource_VUPEN
    ftp://patches.sgi.com/support/free/security/advis… | vendor-advisory, x_refsource_SGI
    http://secunia.com/advisories/27643 | third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19183 | third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-474.html | vendor-advisory, x_refsource_REDHAT
    http://www.us-cert.gov/cas/techalerts/TA07-319A.html | third-party-advisory, x_refsource_CERT
    http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisory, x_refsource_SUNALERT
    Date Public
    2005-05-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:44:05.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FLSA:158801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
              },
              {
                "name": "USN-127-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/127-1/"
              },
              {
                "name": "13657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13657"
              },
              {
                "name": "DSA-741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-741"
              },
              {
                "name": "26444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26444"
              },
              {
                "name": "15447",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15447"
              },
              {
                "name": "oval:org.mitre.oval:def:10700",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700"
              },
              {
                "name": "27274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27274"
              },
              {
                "name": "200191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
              },
              {
                "name": "oval:org.mitre.oval:def:749",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749"
              },
              {
                "name": "APPLE-SA-2007-11-14",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=307041"
              },
              {
                "name": "ADV-2007-3525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3525"
              },
              {
                "name": "ADV-2007-3868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3868"
              },
              {
                "name": "20060301-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
              },
              {
                "name": "27643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27643"
              },
              {
                "name": "19183",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19183"
              },
              {
                "name": "RHSA-2005:474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
              },
              {
                "name": "TA07-319A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
              },
              {
                "name": "103118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a \"decompression bomb\")."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FLSA:158801",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
            },
            {
              "name": "USN-127-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/127-1/"
            },
            {
              "name": "13657",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13657"
            },
            {
              "name": "DSA-741",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-741"
            },
            {
              "name": "26444",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26444"
            },
            {
              "name": "15447",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15447"
            },
            {
              "name": "oval:org.mitre.oval:def:10700",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700"
            },
            {
              "name": "27274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27274"
            },
            {
              "name": "200191",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
            },
            {
              "name": "oval:org.mitre.oval:def:749",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749"
            },
            {
              "name": "APPLE-SA-2007-11-14",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=307041"
            },
            {
              "name": "ADV-2007-3525",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3525"
            },
            {
              "name": "ADV-2007-3868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3868"
            },
            {
              "name": "20060301-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
            },
            {
              "name": "27643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27643"
            },
            {
              "name": "19183",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19183"
            },
            {
              "name": "RHSA-2005:474",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
            },
            {
              "name": "TA07-319A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
            },
            {
              "name": "103118",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-1260",
        "datePublished": "2005-05-19T04:00:00.000Z",
        "dateReserved": "2005-04-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:44:05.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0953 (GCVE-0-2005-0953)

    Vulnerability from cvelistv5 – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:28
    Summary
    Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www.fedoralegacy.org/updates/FC2/2005-11-1… vendor-advisory, x_refsource_FEDORA
    http://www.securityfocus.com/bid/26444 vdb-entry, x_refsource_BID
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisory, x_refsource_NETBSD
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.debian.org/security/2005/dsa-730 vendor-advisory, x_refsource_DEBIAN
    http://www.openpkg.com/security/advisories/OpenPK… vendor-advisory, x_refsource_OPENPKG
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/27274 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/456430/30/… mailing-list, x_refsource_BUGTRAQ
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://docs.info.apple.com/article.html?artnum=307041 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/3525 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2007/3868 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/29940 third-party-advisory, x_refsource_SECUNIA
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://secunia.com/advisories/27643 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/12954 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/19183 third-party-advisory, x_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2005-474.html vendor-advisory, x_refsource_REDHAT
    http://www.us-cert.gov/cas/techalerts/TA07-319A.html third-party-advisory, x_refsource_CERT
    http://marc.info/?l=bugtraq&m=111229375217633&w=2 mailing-list, x_refsource_BUGTRAQ
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    Date Public
    2005-03-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:28:29.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:1154",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154"
              },
              {
                "name": "FLSA:158801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
              },
              {
                "name": "26444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26444"
              },
              {
                "name": "NetBSD-SA2008-004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
              },
              {
                "name": "bzip2-toctou-symlink(19926)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926"
              },
              {
                "name": "DSA-730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-730"
              },
              {
                "name": "OpenPKG-SA-2007.002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
                  "x_transferred"
                ],
                "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10902",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902"
              },
              {
                "name": "27274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27274"
              },
              {
                "name": "20070109 rPSA-2007-0004-1 bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/456430/30/8730/threaded"
              },
              {
                "name": "200191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
              },
              {
                "name": "APPLE-SA-2007-11-14",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=307041"
              },
              {
                "name": "ADV-2007-3525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3525"
              },
              {
                "name": "ADV-2007-3868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3868"
              },
              {
                "name": "29940",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29940"
              },
              {
                "name": "20060301-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
              },
              {
                "name": "27643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27643"
              },
              {
                "name": "12954",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12954"
              },
              {
                "name": "19183",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19183"
              },
              {
                "name": "MDKSA-2006:026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
              },
              {
                "name": "RHSA-2005:474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
              },
              {
                "name": "TA07-319A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
              },
              {
                "name": "20050330 bzip2 TOCTOU file-permissions vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=111229375217633\u0026w=2"
              },
              {
                "name": "103118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:1154",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154"
            },
            {
              "name": "FLSA:158801",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
            },
            {
              "name": "26444",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26444"
            },
            {
              "name": "NetBSD-SA2008-004",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
            },
            {
              "name": "bzip2-toctou-symlink(19926)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926"
            },
            {
              "name": "DSA-730",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-730"
            },
            {
              "name": "OpenPKG-SA-2007.002",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENPKG"
              ],
              "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10902",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902"
            },
            {
              "name": "27274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27274"
            },
            {
              "name": "20070109 rPSA-2007-0004-1 bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/456430/30/8730/threaded"
            },
            {
              "name": "200191",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
            },
            {
              "name": "APPLE-SA-2007-11-14",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=307041"
            },
            {
              "name": "ADV-2007-3525",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3525"
            },
            {
              "name": "ADV-2007-3868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3868"
            },
            {
              "name": "29940",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29940"
            },
            {
              "name": "20060301-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
            },
            {
              "name": "27643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27643"
            },
            {
              "name": "12954",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12954"
            },
            {
              "name": "19183",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19183"
            },
            {
              "name": "MDKSA-2006:026",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
            },
            {
              "name": "RHSA-2005:474",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
            },
            {
              "name": "TA07-319A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
            },
            {
              "name": "20050330 bzip2 TOCTOU file-permissions vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=111229375217633\u0026w=2"
            },
            {
              "name": "103118",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:1154",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154"
                },
                {
                  "name": "FLSA:158801",
                  "refsource": "FEDORA",
                  "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
                },
                {
                  "name": "26444",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26444"
                },
                {
                  "name": "NetBSD-SA2008-004",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
                },
                {
                  "name": "bzip2-toctou-symlink(19926)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926"
                },
                {
                  "name": "DSA-730",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-730"
                },
                {
                  "name": "OpenPKG-SA-2007.002",
                  "refsource": "OPENPKG",
                  "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10902",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902"
                },
                {
                  "name": "27274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27274"
                },
                {
                  "name": "20070109 rPSA-2007-0004-1 bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/456430/30/8730/threaded"
                },
                {
                  "name": "200191",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
                },
                {
                  "name": "APPLE-SA-2007-11-14",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=307041",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=307041"
                },
                {
                  "name": "ADV-2007-3525",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3525"
                },
                {
                  "name": "ADV-2007-3868",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3868"
                },
                {
                  "name": "29940",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29940"
                },
                {
                  "name": "20060301-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
                },
                {
                  "name": "27643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27643"
                },
                {
                  "name": "12954",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12954"
                },
                {
                  "name": "19183",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19183"
                },
                {
                  "name": "MDKSA-2006:026",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
                },
                {
                  "name": "RHSA-2005:474",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
                },
                {
                  "name": "TA07-319A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
                },
                {
                  "name": "20050330 bzip2 TOCTOU file-permissions vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=111229375217633\u0026w=2"
                },
                {
                  "name": "103118",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0953",
        "datePublished": "2005-04-03T05:00:00.000Z",
        "dateReserved": "2005-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:28:29.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0760 (GCVE-0-2002-0760)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    Summary
    Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9127.php vdb-entry, x_refsource_XF
    ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisory, x_refsource_CALDERA
    http://www.securityfocus.com/bid/4775 vdb-entry, x_refsource_BID
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory, x_refsource_FREEBSD
    Date Public
    2002-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:47.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bzip2-decompression-race-condition(9127)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9127.php"
              },
              {
                "name": "CSSA-2002-039.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
              },
              {
                "name": "4775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4775"
              },
              {
                "name": "FreeBSD-SA-02:25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bzip2-decompression-race-condition(9127)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9127.php"
            },
            {
              "name": "CSSA-2002-039.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
            },
            {
              "name": "4775",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4775"
            },
            {
              "name": "FreeBSD-SA-02:25",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bzip2-decompression-race-condition(9127)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9127.php"
                },
                {
                  "name": "CSSA-2002-039.0",
                  "refsource": "CALDERA",
                  "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
                },
                {
                  "name": "4775",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4775"
                },
                {
                  "name": "FreeBSD-SA-02:25",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0760",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:47.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0761 (GCVE-0-2002-0761)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    VLAI
    Summary
    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9128.php vdb-entry x_refsource_XF
    ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisory x_refsource_CALDERA
    http://www.securityfocus.com/bid/4776 vdb-entry x_refsource_BID
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory x_refsource_FREEBSD
    Date Public
    2002-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:49.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bzip2-compression-symlink(9128)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9128.php"
              },
              {
                "name": "CSSA-2002-039.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
              },
              {
                "name": "4776",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4776"
              },
              {
                "name": "FreeBSD-SA-02:25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bzip2-compression-symlink(9128)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9128.php"
            },
            {
              "name": "CSSA-2002-039.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
            },
            {
              "name": "4776",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4776"
            },
            {
              "name": "FreeBSD-SA-02:25",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bzip2-compression-symlink(9128)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9128.php"
                },
                {
                  "name": "CSSA-2002-039.0",
                  "refsource": "CALDERA",
                  "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
                },
                {
                  "name": "4776",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4776"
                },
                {
                  "name": "FreeBSD-SA-02:25",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0761",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:49.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0759 (GCVE-0-2002-0759)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    VLAI
    Summary
    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisory x_refsource_CALDERA
    http://www.iss.net/security_center/static/9126.php vdb-entry x_refsource_XF
    http://www.securityfocus.com/bid/4774 vdb-entry x_refsource_BID
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory x_refsource_FREEBSD
    Date Public
    2002-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:48.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CSSA-2002-039.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
              },
              {
                "name": "bzip2-decompression-file-overwrite(9126)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9126.php"
              },
              {
                "name": "4774",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4774"
              },
              {
                "name": "FreeBSD-SA-02:25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "CSSA-2002-039.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
            },
            {
              "name": "bzip2-decompression-file-overwrite(9126)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9126.php"
            },
            {
              "name": "4774",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4774"
            },
            {
              "name": "FreeBSD-SA-02:25",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "CSSA-2002-039.0",
                  "refsource": "CALDERA",
                  "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
                },
                {
                  "name": "bzip2-decompression-file-overwrite(9126)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9126.php"
                },
                {
                  "name": "4774",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4774"
                },
                {
                  "name": "FreeBSD-SA-02:25",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0759",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:48.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12900 (GCVE-0-2019-12900)

    Vulnerability from nvd – Published: 2019-06-19 22:07 – Updated: 2025-06-09 15:57
    VLAI
    Summary
    BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2019… mailing-list x_refsource_MLIST
    https://usn.ubuntu.com/4038-2/ vendor-advisory x_refsource_UBUNTU
    https://usn.ubuntu.com/4038-1/ vendor-advisory x_refsource_UBUNTU
    https://seclists.org/bugtraq/2019/Jul/22 mailing-list x_refsource_BUGTRAQ
    https://lists.debian.org/debian-lts-announce/2019… mailing-list x_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory x_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory x_refsource_FREEBSD
    https://seclists.org/bugtraq/2019/Aug/4 mailing-list x_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory x_refsource_SUSE
    https://usn.ubuntu.com/4146-1/ vendor-advisory x_refsource_UBUNTU
    https://usn.ubuntu.com/4146-2/ vendor-advisory x_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-list x_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-list x_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory x_refsource_SUSE
    https://lists.apache.org/thread.html/ra0adb9653c7… mailing-list x_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    http://packetstormsecurity.com/files/153644/Slack… x_refsource_MISC
    http://packetstormsecurity.com/files/153957/FreeB… x_refsource_MISC
    https://gitlab.com/federicomenaquintero/bzip2/com… x_refsource_MISC
    https://support.f5.com/csp/article/K68713584?utm_… x_refsource_CONFIRM
    https://lists.apache.org/thread.html/rda983056694… mailing-list x_refsource_MLIST
    https://lists.apache.org/thread.html/rce8cd8c30f6… mailing-list x_refsource_MLIST

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:55.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
              },
              {
                "name": "USN-4038-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-2/"
              },
              {
                "name": "USN-4038-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-1/"
              },
              {
                "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/22"
              },
              {
                "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
              },
              {
                "name": "openSUSE-SU-2019:1781",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
              },
              {
                "name": "FreeBSD-SA-19:18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
              },
              {
                "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/4"
              },
              {
                "name": "openSUSE-SU-2019:1918",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
              },
              {
                "name": "USN-4146-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4146-1/"
              },
              {
                "name": "USN-4146-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4146-2/"
              },
              {
                "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
              },
              {
                "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
              },
              {
                "name": "openSUSE-SU-2019:2595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
              },
              {
                "name": "openSUSE-SU-2019:2597",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
              },
              {
                "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T15:54:12.653578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:57:25.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-17T13:06:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
            },
            {
              "name": "USN-4038-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-2/"
            },
            {
              "name": "USN-4038-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-1/"
            },
            {
              "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/22"
            },
            {
              "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1781",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
            },
            {
              "name": "FreeBSD-SA-19:18",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
            },
            {
              "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/4"
            },
            {
              "name": "openSUSE-SU-2019:1918",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
            },
            {
              "name": "USN-4146-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4146-1/"
            },
            {
              "name": "USN-4146-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4146-2/"
            },
            {
              "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
            },
            {
              "name": "openSUSE-SU-2019:2595",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2019:2597",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
            },
            {
              "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
                },
                {
                  "name": "USN-4038-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-2/"
                },
                {
                  "name": "USN-4038-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-1/"
                },
                {
                  "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/22"
                },
                {
                  "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
                },
                {
                  "name": "openSUSE-SU-2019:1781",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
                },
                {
                  "name": "FreeBSD-SA-19:18",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
                },
                {
                  "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/4"
                },
                {
                  "name": "openSUSE-SU-2019:1918",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
                },
                {
                  "name": "USN-4146-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4146-1/"
                },
                {
                  "name": "USN-4146-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4146-2/"
                },
                {
                  "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
                },
                {
                  "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
                },
                {
                  "name": "openSUSE-SU-2019:2595",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
                },
                {
                  "name": "openSUSE-SU-2019:2597",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
                },
                {
                  "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
                },
                {
                  "name": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
                },
                {
                  "name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12900",
        "datePublished": "2019-06-19T22:07:57.000Z",
        "dateReserved": "2019-06-19T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:57:25.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3189 (GCVE-0-2016-3189)

    Vulnerability from nvd – Published: 2016-06-30 17:00 – Updated: 2025-06-09 16:01
    Summary
    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2016/06/20/1 mailing-list, x_refsource_MLIST
    http://www.securitytracker.com/id/1036132 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/bid/91297 vdb-entry, x_refsource_BID
    https://security.gentoo.org/glsa/201708-08 vendor-advisory, x_refsource_GENTOO
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    https://usn.ubuntu.com/4038-2/ vendor-advisory, x_refsource_UBUNTU
    https://usn.ubuntu.com/4038-1/ vendor-advisory, x_refsource_UBUNTU
    https://seclists.org/bugtraq/2019/Jul/22 mailing-list, x_refsource_BUGTRAQ
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory, x_refsource_FREEBSD
    https://seclists.org/bugtraq/2019/Aug/4 mailing-list, x_refsource_BUGTRAQ
    https://lists.apache.org/thread.html/redf17d8ad16… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r481cda41fef… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r6e3962fc9f6… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/ra0adb9653c7… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r19b4a70ac52… mailing-list, x_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=1319648 x_refsource_CONFIRM
    http://packetstormsecurity.com/files/153644/Slack… x_refsource_MISC
    http://packetstormsecurity.com/files/153957/FreeB… x_refsource_MISC
    https://lists.apache.org/thread.html/rffebcbeaace… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r5f80cf3ade5… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r4ad2ea01354… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r1dc4c9b3bd5… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r5f7ac2bd631… mailing-list, x_refsource_MLIST
    Date Public
    2016-06-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.965Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1"
              },
              {
                "name": "1036132",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036132"
              },
              {
                "name": "91297",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91297"
              },
              {
                "name": "GLSA-201708-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201708-08"
              },
              {
                "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
              },
              {
                "name": "USN-4038-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-2/"
              },
              {
                "name": "USN-4038-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4038-1/"
              },
              {
                "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/22"
              },
              {
                "name": "FreeBSD-SA-19:18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
              },
              {
                "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/4"
              },
              {
                "name": "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T15:58:23.497432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T16:01:46.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-29T06:06:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1"
            },
            {
              "name": "1036132",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036132"
            },
            {
              "name": "91297",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91297"
            },
            {
              "name": "GLSA-201708-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201708-08"
            },
            {
              "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
            },
            {
              "name": "USN-4038-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-2/"
            },
            {
              "name": "USN-4038-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4038-1/"
            },
            {
              "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/22"
            },
            {
              "name": "FreeBSD-SA-19:18",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
            },
            {
              "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/4"
            },
            {
              "name": "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1"
                },
                {
                  "name": "1036132",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036132"
                },
                {
                  "name": "91297",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91297"
                },
                {
                  "name": "GLSA-201708-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201708-08"
                },
                {
                  "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
                },
                {
                  "name": "USN-4038-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-2/"
                },
                {
                  "name": "USN-4038-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4038-1/"
                },
                {
                  "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/22"
                },
                {
                  "name": "FreeBSD-SA-19:18",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
                },
                {
                  "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/4"
                },
                {
                  "name": "[kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203@%3Cjira.kafka.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3189",
        "datePublished": "2016-06-30T17:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2025-06-09T16:01:46.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4089 (GCVE-0-2011-4089)

    Vulnerability from nvd – Published: 2014-04-16 18:00 – Updated: 2024-08-06 23:53
    Summary
    The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2011/Oct/804 mailing-list, x_refsource_FULLDISC
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1308-1 vendor-advisory, x_refsource_UBUNTU
    http://www.exploit-db.com/exploits/18147 exploit, x_refsource_EXPLOIT-DB
    http://www.openwall.com/lists/oss-security/2011/1… mailing-list, x_refsource_MLIST
    Date Public
    2011-07-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:53:32.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111025 Re: Symlink vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2011/Oct/804"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"
              },
              {
                "name": "USN-1308-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1308-1"
              },
              {
                "name": "18147",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18147"
              },
              {
                "name": "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary  file",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/10/28/16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-16T17:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20111025 Re: Symlink vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2011/Oct/804"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"
            },
            {
              "name": "USN-1308-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1308-1"
            },
            {
              "name": "18147",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18147"
            },
            {
              "name": "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary  file",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/10/28/16"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4089",
        "datePublished": "2014-04-16T18:00:00.000Z",
        "dateReserved": "2011-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:53:32.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0405 (GCVE-0-2010-0405)

    Vulnerability from nvd – Published: 2010-09-28 17:00 – Updated: 2024-08-07 00:45
    Summary
    Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-986-3 vendor-advisory, x_refsource_UBUNTU
    http://git.clamav.net/gitweb?p=clamav-devel.git%3… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
    http://www.ubuntu.com/usn/usn-986-1 vendor-advisory, x_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-986-2 vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/41452 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/42404 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/48378 third-party-advisory, x_refsource_SECUNIA
    https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3073 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2010/2455 vdb-entry, x_refsource_VUPEN
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://secunia.com/advisories/42530 third-party-advisory, x_refsource_SECUNIA
    https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231 x_refsource_CONFIRM
    http://marc.info/?l=oss-security&m=128506868510655&w=2 mailing-list, x_refsource_MLIST
    http://secunia.com/advisories/42529 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/515055/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/41505 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/3052 vdb-entry, x_refsource_VUPEN
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisory, x_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
    http://blogs.sun.com/security/entry/cve_2010_0405… x_refsource_CONFIRM
    http://secunia.com/advisories/42405 third-party-advisory, x_refsource_SECUNIA
    http://xorl.wordpress.com/2010/09/21/cve-2010-040… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=627882 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3126 vdb-entry, x_refsource_VUPEN
    http://security.gentoo.org/glsa/glsa-201301-05.xml vendor-advisory, x_refsource_GENTOO
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.bzip.org/ x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3127 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2010/3043 vdb-entry, x_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/42350 third-party-advisory, x_refsource_SECUNIA
    http://support.apple.com/kb/HT4581 x_refsource_CONFIRM
    Date Public
    2010-09-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:45:12.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-986-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-986-3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3"
              },
              {
                "name": "FEDORA-2010-17439",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
              },
              {
                "name": "USN-986-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-986-1"
              },
              {
                "name": "USN-986-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-986-2"
              },
              {
                "name": "41452",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41452"
              },
              {
                "name": "42404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42404"
              },
              {
                "name": "48378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48378"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
              },
              {
                "name": "ADV-2010-3073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3073"
              },
              {
                "name": "ADV-2010-2455",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2455"
              },
              {
                "name": "APPLE-SA-2011-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
              },
              {
                "name": "42530",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42530"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
              },
              {
                "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
              },
              {
                "name": "42529",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42529"
              },
              {
                "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
              },
              {
                "name": "41505",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41505"
              },
              {
                "name": "ADV-2010-3052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3052"
              },
              {
                "name": "RHSA-2010:0703",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
              },
              {
                "name": "RHSA-2010:0858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
              },
              {
                "name": "FEDORA-2010-1512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
              },
              {
                "name": "42405",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42405"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
              },
              {
                "name": "ADV-2010-3126",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3126"
              },
              {
                "name": "GLSA-201301-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.bzip.org/"
              },
              {
                "name": "ADV-2010-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3127"
              },
              {
                "name": "ADV-2010-3043",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3043"
              },
              {
                "name": "SUSE-SR:2010:018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
              },
              {
                "name": "42350",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42350"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-986-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-986-3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3"
            },
            {
              "name": "FEDORA-2010-17439",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
            },
            {
              "name": "USN-986-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-986-1"
            },
            {
              "name": "USN-986-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-986-2"
            },
            {
              "name": "41452",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41452"
            },
            {
              "name": "42404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42404"
            },
            {
              "name": "48378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48378"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
            },
            {
              "name": "ADV-2010-3073",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3073"
            },
            {
              "name": "ADV-2010-2455",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2455"
            },
            {
              "name": "APPLE-SA-2011-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
            },
            {
              "name": "42530",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42530"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
            },
            {
              "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
            },
            {
              "name": "42529",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42529"
            },
            {
              "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
            },
            {
              "name": "41505",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41505"
            },
            {
              "name": "ADV-2010-3052",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3052"
            },
            {
              "name": "RHSA-2010:0703",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
            },
            {
              "name": "RHSA-2010:0858",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
            },
            {
              "name": "FEDORA-2010-1512",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
            },
            {
              "name": "42405",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42405"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
            },
            {
              "name": "ADV-2010-3126",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3126"
            },
            {
              "name": "GLSA-201301-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.bzip.org/"
            },
            {
              "name": "ADV-2010-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3127"
            },
            {
              "name": "ADV-2010-3043",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3043"
            },
            {
              "name": "SUSE-SR:2010:018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
            },
            {
              "name": "42350",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42350"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4581"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-0405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-986-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-986-3"
                },
                {
                  "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3",
                  "refsource": "CONFIRM",
                  "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3"
                },
                {
                  "name": "FEDORA-2010-17439",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
                },
                {
                  "name": "USN-986-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-986-1"
                },
                {
                  "name": "USN-986-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-986-2"
                },
                {
                  "name": "41452",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41452"
                },
                {
                  "name": "42404",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42404"
                },
                {
                  "name": "48378",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48378"
                },
                {
                  "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230",
                  "refsource": "CONFIRM",
                  "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
                },
                {
                  "name": "ADV-2010-3073",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3073"
                },
                {
                  "name": "ADV-2010-2455",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2455"
                },
                {
                  "name": "APPLE-SA-2011-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
                },
                {
                  "name": "42530",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42530"
                },
                {
                  "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231",
                  "refsource": "CONFIRM",
                  "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
                },
                {
                  "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
                },
                {
                  "name": "42529",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42529"
                },
                {
                  "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
                },
                {
                  "name": "41505",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41505"
                },
                {
                  "name": "ADV-2010-3052",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3052"
                },
                {
                  "name": "RHSA-2010:0703",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
                },
                {
                  "name": "RHSA-2010:0858",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
                },
                {
                  "name": "FEDORA-2010-1512",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
                },
                {
                  "name": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
                },
                {
                  "name": "42405",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42405"
                },
                {
                  "name": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/",
                  "refsource": "CONFIRM",
                  "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627882",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
                },
                {
                  "name": "ADV-2010-3126",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3126"
                },
                {
                  "name": "GLSA-201301-05",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
                },
                {
                  "name": "http://www.bzip.org/",
                  "refsource": "CONFIRM",
                  "url": "http://www.bzip.org/"
                },
                {
                  "name": "ADV-2010-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3127"
                },
                {
                  "name": "ADV-2010-3043",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/3043"
                },
                {
                  "name": "SUSE-SR:2010:018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
                },
                {
                  "name": "42350",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42350"
                },
                {
                  "name": "http://support.apple.com/kb/HT4581",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4581"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-0405",
        "datePublished": "2010-09-28T17:00:00.000Z",
        "dateReserved": "2010-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:45:12.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1372 (GCVE-0-2008-1372)

    Vulnerability from nvd – Published: 2008-03-18 21:00 – Updated: 2024-08-07 08:17
    Summary
    bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://support.apple.com/kb/HT3757 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.bzip.org/CHANGES x_refsource_CONFIRM
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/36096 third-party-advisory, x_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory, x_refsource_FEDORA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisory, x_refsource_NETBSD
    http://www.securityfocus.com/archive/1/498863/100… mailing-list, x_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2008/2557 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/31878 third-party-advisory, x_refsource_SECUNIA
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisory, x_refsource_SLACKWARE
    http://secunia.com/advisories/31869 third-party-advisory, x_refsource_SECUNIA
    http://www.securitytracker.com/id?1020867 vdb-entry, x_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2008-08… vendor-advisory, x_refsource_REDHAT
    http://kb.vmware.com/kb/1007504 x_refsource_CONFIRM
    http://www.cert.fi/haavoittuvuudet/joint-advisory… x_refsource_MISC
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://www.kb.cert.org/vuls/id/813451 third-party-advisory, x_refsource_CERT-VN
    https://bugs.gentoo.org/attachment.cgi?id=146488&… x_refsource_CONFIRM
    http://kb.vmware.com/kb/1007198 x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisory, x_refsource_GENTOO
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory, x_refsource_FEDORA
    http://kb.vmware.com/kb/1006982 x_refsource_CONFIRM
    http://www.ipcop.org/index.php?name=News&file=art… x_refsource_CONFIRM
    http://secunia.com/advisories/29656 third-party-advisory, x_refsource_SECUNIA
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118 x_refsource_CONFIRM
    http://secunia.com/advisories/29475 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/29698 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/29497 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/29940 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/489968/100… mailing-list, x_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://security.gentoo.org/glsa/glsa-200903-40.xml vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/31204 third-party-advisory, x_refsource_SECUNIA
    https://usn.ubuntu.com/590-1/ vendor-advisory, x_refsource_UBUNTU
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/0915 vdb-entry, x_refsource_VUPEN
    http://www.ee.oulu.fi/research/ouspg/protos/testi… x_refsource_MISC
    http://secunia.com/advisories/29506 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2172 vdb-entry, x_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA09-218A.html third-party-advisory, x_refsource_CERT
    http://www.securityfocus.com/bid/28286 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/29410 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/29677 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2008-03-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3757"
              },
              {
                "name": "bzip2-archives-code-execution(41249)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249"
              },
              {
                "name": "SUSE-SR:2008:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.bzip.org/CHANGES"
              },
              {
                "name": "241786",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1"
              },
              {
                "name": "36096",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36096"
              },
              {
                "name": "FEDORA-2008-2970",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html"
              },
              {
                "name": "NetBSD-SA2008-004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
              },
              {
                "name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
              },
              {
                "name": "ADV-2008-2557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2557"
              },
              {
                "name": "31878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31878"
              },
              {
                "name": "SSA:2008-098-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.473263"
              },
              {
                "name": "31869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31869"
              },
              {
                "name": "1020867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020867"
              },
              {
                "name": "RHSA-2008:0893",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0893.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.vmware.com/kb/1007504"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
              },
              {
                "name": "APPLE-SA-2009-08-05-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
              },
              {
                "name": "VU#813451",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/813451"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.vmware.com/kb/1007198"
              },
              {
                "name": "GLSA-200804-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml"
              },
              {
                "name": "FEDORA-2008-3037",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.vmware.com/kb/1006982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
              },
              {
                "name": "29656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29656"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118"
              },
              {
                "name": "29475",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29475"
              },
              {
                "name": "29698",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29698"
              },
              {
                "name": "29497",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29497"
              },
              {
                "name": "29940",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29940"
              },
              {
                "name": "20080321 rPSA-2008-0118-1 bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489968/100/0/threaded"
              },
              {
                "name": "oval:org.mitre.oval:def:6467",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467"
              },
              {
                "name": "oval:org.mitre.oval:def:10067",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"
              },
              {
                "name": "GLSA-200903-40",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200903-40.xml"
              },
              {
                "name": "31204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31204"
              },
              {
                "name": "USN-590-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/590-1/"
              },
              {
                "name": "MDVSA-2008:075",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075"
              },
              {
                "name": "ADV-2008-0915",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0915"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
              },
              {
                "name": "29506",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29506"
              },
              {
                "name": "ADV-2009-2172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2172"
              },
              {
                "name": "TA09-218A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
              },
              {
                "name": "28286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28286"
              },
              {
                "name": "29410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29410"
              },
              {
                "name": "29677",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3757"
            },
            {
              "name": "bzip2-archives-code-execution(41249)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249"
            },
            {
              "name": "SUSE-SR:2008:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.bzip.org/CHANGES"
            },
            {
              "name": "241786",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1"
            },
            {
              "name": "36096",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36096"
            },
            {
              "name": "FEDORA-2008-2970",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html"
            },
            {
              "name": "NetBSD-SA2008-004",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
            },
            {
              "name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
            },
            {
              "name": "ADV-2008-2557",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2557"
            },
            {
              "name": "31878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31878"
            },
            {
              "name": "SSA:2008-098-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.473263"
            },
            {
              "name": "31869",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31869"
            },
            {
              "name": "1020867",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020867"
            },
            {
              "name": "RHSA-2008:0893",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0893.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://kb.vmware.com/kb/1007504"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
            },
            {
              "name": "APPLE-SA-2009-08-05-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
            },
            {
              "name": "VU#813451",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/813451"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://kb.vmware.com/kb/1007198"
            },
            {
              "name": "GLSA-200804-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml"
            },
            {
              "name": "FEDORA-2008-3037",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://kb.vmware.com/kb/1006982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
            },
            {
              "name": "29656",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29656"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118"
            },
            {
              "name": "29475",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29475"
            },
            {
              "name": "29698",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29698"
            },
            {
              "name": "29497",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29497"
            },
            {
              "name": "29940",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29940"
            },
            {
              "name": "20080321 rPSA-2008-0118-1 bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489968/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:6467",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467"
            },
            {
              "name": "oval:org.mitre.oval:def:10067",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"
            },
            {
              "name": "GLSA-200903-40",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200903-40.xml"
            },
            {
              "name": "31204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31204"
            },
            {
              "name": "USN-590-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/590-1/"
            },
            {
              "name": "MDVSA-2008:075",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075"
            },
            {
              "name": "ADV-2008-0915",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0915"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
            },
            {
              "name": "29506",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29506"
            },
            {
              "name": "ADV-2009-2172",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2172"
            },
            {
              "name": "TA09-218A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
            },
            {
              "name": "28286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28286"
            },
            {
              "name": "29410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29410"
            },
            {
              "name": "29677",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.apple.com/kb/HT3757",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3757"
                },
                {
                  "name": "bzip2-archives-code-execution(41249)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249"
                },
                {
                  "name": "SUSE-SR:2008:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
                },
                {
                  "name": "http://www.bzip.org/CHANGES",
                  "refsource": "CONFIRM",
                  "url": "http://www.bzip.org/CHANGES"
                },
                {
                  "name": "241786",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1"
                },
                {
                  "name": "36096",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36096"
                },
                {
                  "name": "FEDORA-2008-2970",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html"
                },
                {
                  "name": "NetBSD-SA2008-004",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
                },
                {
                  "name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
                },
                {
                  "name": "ADV-2008-2557",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2557"
                },
                {
                  "name": "31878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31878"
                },
                {
                  "name": "SSA:2008-098-02",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.473263"
                },
                {
                  "name": "31869",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31869"
                },
                {
                  "name": "1020867",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020867"
                },
                {
                  "name": "RHSA-2008:0893",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0893.html"
                },
                {
                  "name": "http://kb.vmware.com/kb/1007504",
                  "refsource": "CONFIRM",
                  "url": "http://kb.vmware.com/kb/1007504"
                },
                {
                  "name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html",
                  "refsource": "MISC",
                  "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
                },
                {
                  "name": "APPLE-SA-2009-08-05-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
                },
                {
                  "name": "VU#813451",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/813451"
                },
                {
                  "name": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.gentoo.org/attachment.cgi?id=146488\u0026action=view"
                },
                {
                  "name": "http://kb.vmware.com/kb/1007198",
                  "refsource": "CONFIRM",
                  "url": "http://kb.vmware.com/kb/1007198"
                },
                {
                  "name": "GLSA-200804-02",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml"
                },
                {
                  "name": "FEDORA-2008-3037",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html"
                },
                {
                  "name": "http://kb.vmware.com/kb/1006982",
                  "refsource": "CONFIRM",
                  "url": "http://kb.vmware.com/kb/1006982"
                },
                {
                  "name": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40",
                  "refsource": "CONFIRM",
                  "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
                },
                {
                  "name": "29656",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29656"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118"
                },
                {
                  "name": "29475",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29475"
                },
                {
                  "name": "29698",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29698"
                },
                {
                  "name": "29497",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29497"
                },
                {
                  "name": "29940",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29940"
                },
                {
                  "name": "20080321 rPSA-2008-0118-1 bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489968/100/0/threaded"
                },
                {
                  "name": "oval:org.mitre.oval:def:6467",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467"
                },
                {
                  "name": "oval:org.mitre.oval:def:10067",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"
                },
                {
                  "name": "GLSA-200903-40",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200903-40.xml"
                },
                {
                  "name": "31204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31204"
                },
                {
                  "name": "USN-590-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/590-1/"
                },
                {
                  "name": "MDVSA-2008:075",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075"
                },
                {
                  "name": "ADV-2008-0915",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0915"
                },
                {
                  "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/",
                  "refsource": "MISC",
                  "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
                },
                {
                  "name": "29506",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29506"
                },
                {
                  "name": "ADV-2009-2172",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2172"
                },
                {
                  "name": "TA09-218A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
                },
                {
                  "name": "28286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28286"
                },
                {
                  "name": "29410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29410"
                },
                {
                  "name": "29677",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1372",
        "datePublished": "2008-03-18T21:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1260 (GCVE-0-2005-1260)

    Vulnerability from nvd – Published: 2005-05-19 04:00 – Updated: 2024-08-07 21:44
    Summary
    bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.fedoralegacy.org/updates/FC2/2005-11-1… vendor-advisory, x_refsource_FEDORA
    https://usn.ubuntu.com/127-1/ vendor-advisory, x_refsource_UBUNTU
    http://www.securityfocus.com/bid/13657 vdb-entry, x_refsource_BID
    http://www.debian.org/security/2005/dsa-741 vendor-advisory, x_refsource_DEBIAN
    http://www.securityfocus.com/bid/26444 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/15447 third-party-advisory, x_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/27274 third-party-advisory, x_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://docs.info.apple.com/article.html?artnum=307041 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/3525 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2007/3868 vdb-entry, x_refsource_VUPEN
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://secunia.com/advisories/27643 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19183 third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-474.html vendor-advisory, x_refsource_REDHAT
    http://www.us-cert.gov/cas/techalerts/TA07-319A.html third-party-advisory, x_refsource_CERT
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    Date Public
    2005-05-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:44:05.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FLSA:158801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
              },
              {
                "name": "USN-127-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/127-1/"
              },
              {
                "name": "13657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13657"
              },
              {
                "name": "DSA-741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-741"
              },
              {
                "name": "26444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26444"
              },
              {
                "name": "15447",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15447"
              },
              {
                "name": "oval:org.mitre.oval:def:10700",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700"
              },
              {
                "name": "27274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27274"
              },
              {
                "name": "200191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
              },
              {
                "name": "oval:org.mitre.oval:def:749",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749"
              },
              {
                "name": "APPLE-SA-2007-11-14",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=307041"
              },
              {
                "name": "ADV-2007-3525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3525"
              },
              {
                "name": "ADV-2007-3868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3868"
              },
              {
                "name": "20060301-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
              },
              {
                "name": "27643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27643"
              },
              {
                "name": "19183",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19183"
              },
              {
                "name": "RHSA-2005:474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
              },
              {
                "name": "TA07-319A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
              },
              {
                "name": "103118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a \"decompression bomb\")."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FLSA:158801",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
            },
            {
              "name": "USN-127-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/127-1/"
            },
            {
              "name": "13657",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13657"
            },
            {
              "name": "DSA-741",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-741"
            },
            {
              "name": "26444",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26444"
            },
            {
              "name": "15447",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15447"
            },
            {
              "name": "oval:org.mitre.oval:def:10700",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700"
            },
            {
              "name": "27274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27274"
            },
            {
              "name": "200191",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
            },
            {
              "name": "oval:org.mitre.oval:def:749",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749"
            },
            {
              "name": "APPLE-SA-2007-11-14",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=307041"
            },
            {
              "name": "ADV-2007-3525",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3525"
            },
            {
              "name": "ADV-2007-3868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3868"
            },
            {
              "name": "20060301-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
            },
            {
              "name": "27643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27643"
            },
            {
              "name": "19183",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19183"
            },
            {
              "name": "RHSA-2005:474",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
            },
            {
              "name": "TA07-319A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
            },
            {
              "name": "103118",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-1260",
        "datePublished": "2005-05-19T04:00:00.000Z",
        "dateReserved": "2005-04-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:44:05.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0953 (GCVE-0-2005-0953)

    Vulnerability from nvd – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:28
    Summary
    Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www.fedoralegacy.org/updates/FC2/2005-11-1… vendor-advisory, x_refsource_FEDORA
    http://www.securityfocus.com/bid/26444 vdb-entry, x_refsource_BID
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisory, x_refsource_NETBSD
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.debian.org/security/2005/dsa-730 vendor-advisory, x_refsource_DEBIAN
    http://www.openpkg.com/security/advisories/OpenPK… vendor-advisory, x_refsource_OPENPKG
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/27274 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/456430/30/… mailing-list, x_refsource_BUGTRAQ
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://docs.info.apple.com/article.html?artnum=307041 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/3525 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2007/3868 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/29940 third-party-advisory, x_refsource_SECUNIA
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://secunia.com/advisories/27643 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/12954 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/19183 third-party-advisory, x_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2005-474.html vendor-advisory, x_refsource_REDHAT
    http://www.us-cert.gov/cas/techalerts/TA07-319A.html third-party-advisory, x_refsource_CERT
    http://marc.info/?l=bugtraq&m=111229375217633&w=2 mailing-list, x_refsource_BUGTRAQ
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisory, x_refsource_SUNALERT
    Date Public
    2005-03-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:28:29.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:1154",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154"
              },
              {
                "name": "FLSA:158801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
              },
              {
                "name": "26444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26444"
              },
              {
                "name": "NetBSD-SA2008-004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
              },
              {
                "name": "bzip2-toctou-symlink(19926)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926"
              },
              {
                "name": "DSA-730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-730"
              },
              {
                "name": "OpenPKG-SA-2007.002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
                  "x_transferred"
                ],
                "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10902",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902"
              },
              {
                "name": "27274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27274"
              },
              {
                "name": "20070109 rPSA-2007-0004-1 bzip2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/456430/30/8730/threaded"
              },
              {
                "name": "200191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
              },
              {
                "name": "APPLE-SA-2007-11-14",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=307041"
              },
              {
                "name": "ADV-2007-3525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3525"
              },
              {
                "name": "ADV-2007-3868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3868"
              },
              {
                "name": "29940",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29940"
              },
              {
                "name": "20060301-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
              },
              {
                "name": "27643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27643"
              },
              {
                "name": "12954",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12954"
              },
              {
                "name": "19183",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19183"
              },
              {
                "name": "MDKSA-2006:026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
              },
              {
                "name": "RHSA-2005:474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
              },
              {
                "name": "TA07-319A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
              },
              {
                "name": "20050330 bzip2 TOCTOU file-permissions vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=111229375217633\u0026w=2"
              },
              {
                "name": "103118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:1154",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154"
            },
            {
              "name": "FLSA:158801",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
            },
            {
              "name": "26444",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26444"
            },
            {
              "name": "NetBSD-SA2008-004",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
            },
            {
              "name": "bzip2-toctou-symlink(19926)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926"
            },
            {
              "name": "DSA-730",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-730"
            },
            {
              "name": "OpenPKG-SA-2007.002",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENPKG"
              ],
              "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10902",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902"
            },
            {
              "name": "27274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27274"
            },
            {
              "name": "20070109 rPSA-2007-0004-1 bzip2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/456430/30/8730/threaded"
            },
            {
              "name": "200191",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
            },
            {
              "name": "APPLE-SA-2007-11-14",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=307041"
            },
            {
              "name": "ADV-2007-3525",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3525"
            },
            {
              "name": "ADV-2007-3868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3868"
            },
            {
              "name": "29940",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29940"
            },
            {
              "name": "20060301-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
            },
            {
              "name": "27643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27643"
            },
            {
              "name": "12954",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12954"
            },
            {
              "name": "19183",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19183"
            },
            {
              "name": "MDKSA-2006:026",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
            },
            {
              "name": "RHSA-2005:474",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
            },
            {
              "name": "TA07-319A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
            },
            {
              "name": "20050330 bzip2 TOCTOU file-permissions vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=111229375217633\u0026w=2"
            },
            {
              "name": "103118",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:1154",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154"
                },
                {
                  "name": "FLSA:158801",
                  "refsource": "FEDORA",
                  "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
                },
                {
                  "name": "26444",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26444"
                },
                {
                  "name": "NetBSD-SA2008-004",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc"
                },
                {
                  "name": "bzip2-toctou-symlink(19926)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19926"
                },
                {
                  "name": "DSA-730",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-730"
                },
                {
                  "name": "OpenPKG-SA-2007.002",
                  "refsource": "OPENPKG",
                  "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10902",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902"
                },
                {
                  "name": "27274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27274"
                },
                {
                  "name": "20070109 rPSA-2007-0004-1 bzip2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/456430/30/8730/threaded"
                },
                {
                  "name": "200191",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
                },
                {
                  "name": "APPLE-SA-2007-11-14",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=307041",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=307041"
                },
                {
                  "name": "ADV-2007-3525",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3525"
                },
                {
                  "name": "ADV-2007-3868",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3868"
                },
                {
                  "name": "29940",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29940"
                },
                {
                  "name": "20060301-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
                },
                {
                  "name": "27643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27643"
                },
                {
                  "name": "12954",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12954"
                },
                {
                  "name": "19183",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19183"
                },
                {
                  "name": "MDKSA-2006:026",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
                },
                {
                  "name": "RHSA-2005:474",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
                },
                {
                  "name": "TA07-319A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
                },
                {
                  "name": "20050330 bzip2 TOCTOU file-permissions vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=111229375217633\u0026w=2"
                },
                {
                  "name": "103118",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0953",
        "datePublished": "2005-04-03T05:00:00.000Z",
        "dateReserved": "2005-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:28:29.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0760 (GCVE-0-2002-0760)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    VLAI
    Summary
    Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9127.php vdb-entry x_refsource_XF
    ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisory x_refsource_CALDERA
    http://www.securityfocus.com/bid/4775 vdb-entry x_refsource_BID
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory x_refsource_FREEBSD
    Date Public
    2002-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:47.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bzip2-decompression-race-condition(9127)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9127.php"
              },
              {
                "name": "CSSA-2002-039.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
              },
              {
                "name": "4775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4775"
              },
              {
                "name": "FreeBSD-SA-02:25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bzip2-decompression-race-condition(9127)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9127.php"
            },
            {
              "name": "CSSA-2002-039.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
            },
            {
              "name": "4775",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4775"
            },
            {
              "name": "FreeBSD-SA-02:25",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bzip2-decompression-race-condition(9127)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9127.php"
                },
                {
                  "name": "CSSA-2002-039.0",
                  "refsource": "CALDERA",
                  "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
                },
                {
                  "name": "4775",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4775"
                },
                {
                  "name": "FreeBSD-SA-02:25",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0760",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:47.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0761 (GCVE-0-2002-0761)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    VLAI
    Summary
    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9128.php vdb-entry x_refsource_XF
    ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisory x_refsource_CALDERA
    http://www.securityfocus.com/bid/4776 vdb-entry x_refsource_BID
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory x_refsource_FREEBSD
    Date Public
    2002-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:49.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bzip2-compression-symlink(9128)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9128.php"
              },
              {
                "name": "CSSA-2002-039.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
              },
              {
                "name": "4776",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4776"
              },
              {
                "name": "FreeBSD-SA-02:25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bzip2-compression-symlink(9128)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9128.php"
            },
            {
              "name": "CSSA-2002-039.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
            },
            {
              "name": "4776",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4776"
            },
            {
              "name": "FreeBSD-SA-02:25",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bzip2-compression-symlink(9128)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9128.php"
                },
                {
                  "name": "CSSA-2002-039.0",
                  "refsource": "CALDERA",
                  "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
                },
                {
                  "name": "4776",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4776"
                },
                {
                  "name": "FreeBSD-SA-02:25",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0761",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:49.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0759 (GCVE-0-2002-0759)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    Summary
    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisory, x_refsource_CALDERA
    http://www.iss.net/security_center/static/9126.php vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/4774 vdb-entry, x_refsource_BID
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory, x_refsource_FREEBSD
    Date Public
    2002-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:48.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CSSA-2002-039.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
              },
              {
                "name": "bzip2-decompression-file-overwrite(9126)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9126.php"
              },
              {
                "name": "4774",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4774"
              },
              {
                "name": "FreeBSD-SA-02:25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "CSSA-2002-039.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
            },
            {
              "name": "bzip2-decompression-file-overwrite(9126)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9126.php"
            },
            {
              "name": "4774",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4774"
            },
            {
              "name": "FreeBSD-SA-02:25",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "CSSA-2002-039.0",
                  "refsource": "CALDERA",
                  "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
                },
                {
                  "name": "bzip2-decompression-file-overwrite(9126)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9126.php"
                },
                {
                  "name": "4774",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4774"
                },
                {
                  "name": "FreeBSD-SA-02:25",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0759",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:48.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }