Page 2 of 11 results (0.003 seconds)

CVSS: 4.3EPSS: 8%CPEs: 12EXPL: 1

CVE-2008-1372 – bzip2: crash on malformed archive file

https://notcve.org/view.php?id=CVE-2008-1372

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. El archivo bzlib.c en bzip2 versiones anteriores a 1.0.5, permite a los atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo) por medio de un archivo diseñado que activa una lectura excesiva del búfer, como es demostrado por el conjunto de pruebas PROTOS GENOME para Formatos de Archivo. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc http://kb.vmware.com/kb/1006982 http://kb.vmware.com/kb/1007198 http://kb.vmware.com/kb/1007504 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29410 http://secunia.com/advisories/29475 http://secunia.com/advisories/29497 http://secunia.com/advisories/29506 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

CVE-2005-1260

https://notcve.org/view.php?id=CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/15447 http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http • CWE-400: Uncontrolled Resource Consumption •

CVSS: 3.7EPSS: 0%CPEs: 11EXPL: 0

CVE-2005-0953

https://notcve.org/view.php?id=CVE-2005-0953

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://marc.info/?l=bugtraq&m=111229375217633&w=2 http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://secunia.com/advisories/29940 http: •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

CVE-2002-0759

https://notcve.org/view.php?id=CVE-2002-0759

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. bzip2 anteriores a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, no usan la etiqueta O_EXCL para crear ficheros durante la descomprensión y no alertan al usuario de que un fichero ya existente podría ser sobreescrito, lo cual podría permitir a atacantes remotos la sobreescritura de ficheros mediante un archivo bzip2. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc http://www.iss.net/security_center/static/9126.php http://www.securityfocus.com/bid/4774 •

CVSS: 1.2EPSS: 0%CPEs: 10EXPL: 0

CVE-2002-0760

https://notcve.org/view.php?id=CVE-2002-0760

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. Condición de Carrera (Race condition) en bzip2 anteriores a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, descomprime ficheros con permiso de lectura a todo el mundo antes de establecer los permisos especificados en el archivo bzip2, lo cual podría permitir a usuarios locales la lectura de ficheros según estan siendo descomprimidos. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc http://www.iss.net/security_center/static/9127.php http://www.securityfocus.com/bid/4775 •