CVE-2019-12900 – bzip2: out-of-bounds write in function BZ2_decompress
https://notcve.org/view.php?id=CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html https://gitlab.com/federicomenaqui • CWE-787: Out-of-bounds Write •
CVE-2016-3189
https://notcve.org/view.php?id=CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. Vulnerabilidad de uso después de liberación de memoria en bzip2recover en bzip2 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo bzip2 manipulado, relacionado con el establecimiento de extremos de bloque antes del inicio del bloque. • http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html http://www.openwall.com/lists/oss-security/2016/06/20/1 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91297 http://www.securitytracker.com/id/1036132 https://bugzilla.redhat.com/show_bug.cgi?id=1319648 https://lists.apache.org/thread.html/r19b4a70ac5 •
CVE-2011-4089 – bzexe (bzip2) - Race Condition
https://notcve.org/view.php?id=CVE-2011-4089
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. El comando bzexe en bzip2 1.0.5 y anteriores genera ejecutables comprimidos que no manejan debidamente archivos temporales durante extracción, lo que permite a usuarios locales ejecutar código arbitrario mediante la precreación de un directorio temporal. bzexe suffers from a /tmp race condition that allows for local root compromise. • https://www.exploit-db.com/exploits/18147 http://seclists.org/fulldisclosure/2011/Oct/804 http://www.exploit-db.com/exploits/18147 http://www.openwall.com/lists/oss-security/2011/10/28/16 http://www.ubuntu.com/usn/USN-1308-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0405 – bzip2: integer overflow flaw in BZ2_decompress
https://notcve.org/view.php?id=CVE-2010-0405
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Desbordamiento de enteros en la función BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de ficheros comprimidos manipulados. • http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/? • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-1884
https://notcve.org/view.php?id=CVE-2009-1884
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Error de superación de límite (Off-by-one) en la función bzinflate en Bzip2.xs en el módulo Compress-Raw-Bzip2 anterior a v2.018 para Perl permite a atacantes dependientes de contexto producir una denegación de servicio (cuelgue de aplicación o caída) a través de un stream comprimido de bzip2 que inicia un desbordamiento de búfer, una situación parecida a CVE-2009-1391. • http://secunia.com/advisories/36386 http://secunia.com/advisories/36415 http://security.gentoo.org/glsa/glsa-200908-07.xml http://www.securityfocus.com/bid/36082 https://bugs.gentoo.org/show_bug.cgi?id=281955 https://bugzilla.redhat.com/show_bug.cgi?id=518278 https://exchange.xforce.ibmcloud.com/vulnerabilities/52628 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html • CWE-189: Numeric Errors •