Lucene search

K
cve[email protected]CVE-2019-12900
HistoryJun 19, 2019 - 11:15 p.m.

CVE-2019-12900

2019-06-1923:15:09
CWE-787
web.nvd.nist.gov
864
4
cve-2019-12900
bz2_decompress
out-of-bounds write
bzip2 1.0.6
selectors
nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.9%

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Affected configurations

NVD
Node
bzipbzip2Range1.0.6
Node
debiandebian_linuxMatch8.0
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
Node
canonicalubuntu_linuxMatch12.04
OR
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
freebsdfreebsdMatch11.2-
OR
freebsdfreebsdMatch11.2p10
OR
freebsdfreebsdMatch11.2p11
OR
freebsdfreebsdMatch11.2p12
OR
freebsdfreebsdMatch11.2p2
OR
freebsdfreebsdMatch11.2p3
OR
freebsdfreebsdMatch11.2p4
OR
freebsdfreebsdMatch11.2p5
OR
freebsdfreebsdMatch11.2p6
OR
freebsdfreebsdMatch11.2p7
OR
freebsdfreebsdMatch11.2p8
OR
freebsdfreebsdMatch11.2p9
OR
freebsdfreebsdMatch11.2rc3
OR
freebsdfreebsdMatch11.3-
OR
freebsdfreebsdMatch11.3p1
OR
freebsdfreebsdMatch12.0-
OR
freebsdfreebsdMatch12.0p1
OR
freebsdfreebsdMatch12.0p2
OR
freebsdfreebsdMatch12.0p3
OR
freebsdfreebsdMatch12.0p4
OR
freebsdfreebsdMatch12.0p5
OR
freebsdfreebsdMatch12.0p6
OR
freebsdfreebsdMatch12.0p7
OR
freebsdfreebsdMatch12.0p8
Node
pythonpythonRange3.7.03.7.13
OR
pythonpythonRange3.8.03.8.13
OR
pythonpythonRange3.9.03.9.11
OR
pythonpythonRange3.10.03.10.3
CPENameOperatorVersion
bzip:bzip2bzip bzip2le1.0.6

References

Social References

More

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.9%