// For flags

CVE-2016-3189

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Vulnerabilidad de uso después de liberación de memoria en bzip2recover en bzip2 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo bzip2 manipulado, relacionado con el establecimiento de extremos de bloque antes del inicio del bloque.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-03-15 CVE Reserved
  • 2016-06-30 CVE Published
  • 2024-02-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (25)
URL Tag Source
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html Third Party Advisory
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/20/1 Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html Third Party Advisory
http://www.securityfocus.com/bid/91297 Third Party Advisory
http://www.securitytracker.com/id/1036132 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1319648 Issue Tracking
https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E Mailing List
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html Mailing List
https://seclists.org/bugtraq/2019/Aug/4 Mailing List
https://seclists.org/bugtraq/2019/Jul/22 Mailing List
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bzip
Search vendor "Bzip"
Bzip2
Search vendor "Bzip" for product "Bzip2"
1.0.6
Search vendor "Bzip" for product "Bzip2" and version "1.0.6"
-
Affected
Python
Search vendor "Python"
Python
Search vendor "Python" for product "Python"
>= 3.7.0 < 3.7.13
Search vendor "Python" for product "Python" and version " >= 3.7.0 < 3.7.13"
-
Affected
Python
Search vendor "Python"
Python
Search vendor "Python" for product "Python"
>= 3.8.0 < 3.8.13
Search vendor "Python" for product "Python" and version " >= 3.8.0 < 3.8.13"
-
Affected
Python
Search vendor "Python"
Python
Search vendor "Python" for product "Python"
>= 3.9.0 < 3.9.11
Search vendor "Python" for product "Python" and version " >= 3.9.0 < 3.9.11"
-
Affected
Python
Search vendor "Python"
Python
Search vendor "Python" for product "Python"
>= 3.10.0 < 3.10.3
Search vendor "Python" for product "Python" and version " >= 3.10.0 < 3.10.3"
-
Affected