Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24188

HistoryApr 10, 2020 - 12:48 a.m.

Arbitrary Code Execution

2020-04-1000:48:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

0.027 Low

EPSS

Percentile

90.6%

bzip2 is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code.

CPENameOperatorVersion
bzip2eq1.0.3__4.el5_2
bzip2eq1.0.2__14.el4_7
bzip2eq1.0.5__6.1.el6
bzip2eq1.0.3__4.el5_2
bzip2eq1.0.2__14.el4_7
bzip2eq1.0.5__6.1.el6

References

blogs.sun.com/security/entry/cve_2010_0405_integer_overflow

git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

marc.info/?l=oss-security&m=128506868510655&w=2

secunia.com/advisories/41452

secunia.com/advisories/41505

secunia.com/advisories/42350

secunia.com/advisories/42404

secunia.com/advisories/42405

secunia.com/advisories/42529

secunia.com/advisories/42530

secunia.com/advisories/48378

security.gentoo.org/glsa/glsa-201301-05.xml

support.apple.com/kb/HT4581

www.bzip.org/

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2010-0703.html

www.redhat.com/support/errata/RHSA-2010-0858.html

www.securityfocus.com/archive/1/515055/100/0/threaded

www.ubuntu.com/usn/usn-986-1

www.ubuntu.com/usn/USN-986-2

www.ubuntu.com/usn/USN-986-3

www.vmware.com/security/advisories/VMSA-2010-0019.html

www.vupen.com/english/advisories/2010/2455

www.vupen.com/english/advisories/2010/3043

www.vupen.com/english/advisories/2010/3052

www.vupen.com/english/advisories/2010/3073

www.vupen.com/english/advisories/2010/3126

www.vupen.com/english/advisories/2010/3127

xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/

access.redhat.com/errata/RHSA-2010:0703

bugzilla.redhat.com/show_bug.cgi?id=627882

wwws.clamav.net/bugzilla/show_bug.cgi?id=2230

wwws.clamav.net/bugzilla/show_bug.cgi?id=2231

0.027 Low

EPSS

Percentile

90.6%

Related for VERACODE:24188

freebsd1 nessus39 openvas46 ubuntu3 fedora7 debiancve1 oraclelinux2 redhat2 osv1 freebsd_advisory1 f52 gentoo2 debian2 ubuntucve1 securityvulns6 altlinux1 prion1 cvelist1 centos1 slackware1 nvd1 ibm1 cve1 vmware4