CVE-2008-1372

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-1372
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
http://kb.vmware.com/kb/1006982
http://kb.vmware.com/kb/1007198
http://kb.vmware.com/kb/1007504
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29410
http://secunia.com/advisories/29475
http://secunia.com/advisories/29497
http://secunia.com/advisories/29506
http://secunia.com/advisories/29656
http://secunia.com/advisories/29677
http://secunia.com/advisories/29698
http://secunia.com/advisories/29940
http://secunia.com/advisories/31204
http://secunia.com/advisories/31869
http://secunia.com/advisories/31878
http://secunia.com/advisories/36096
http://security.gentoo.org/glsa/glsa-200903-40.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
http://support.apple.com/kb/HT3757
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
http://www.bzip.org/CHANGES
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://www.kb.cert.org/vuls/id/813451 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
http://www.redhat.com/support/errata/RHSA-2008-0893.html
http://www.securityfocus.com/archive/1/489968/100/0/threaded
http://www.securityfocus.com/archive/1/498863/100/0/threaded
http://www.securityfocus.com/bid/28286 Exploit
http://www.securitytracker.com/id?1020867
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
http://www.us-cert.gov/cas/techalerts/TA09-218A.html US Government Resource
http://www.vupen.com/english/advisories/2008/0915
http://www.vupen.com/english/advisories/2008/2557
http://www.vupen.com/english/advisories/2009/2172
https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
https://usn.ubuntu.com/590-1/
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
http://kb.vmware.com/kb/1006982
http://kb.vmware.com/kb/1007198
http://kb.vmware.com/kb/1007504
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29410
http://secunia.com/advisories/29475
http://secunia.com/advisories/29497
http://secunia.com/advisories/29506
http://secunia.com/advisories/29656
http://secunia.com/advisories/29677
http://secunia.com/advisories/29698
http://secunia.com/advisories/29940
http://secunia.com/advisories/31204
http://secunia.com/advisories/31869
http://secunia.com/advisories/31878
http://secunia.com/advisories/36096
http://security.gentoo.org/glsa/glsa-200903-40.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
http://support.apple.com/kb/HT3757
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
http://www.bzip.org/CHANGES
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://www.kb.cert.org/vuls/id/813451 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
http://www.redhat.com/support/errata/RHSA-2008-0893.html
http://www.securityfocus.com/archive/1/489968/100/0/threaded
http://www.securityfocus.com/archive/1/498863/100/0/threaded
http://www.securityfocus.com/bid/28286 Exploit
http://www.securitytracker.com/id?1020867
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
http://www.us-cert.gov/cas/techalerts/TA09-218A.html US Government Resource
http://www.vupen.com/english/advisories/2008/0915
http://www.vupen.com/english/advisories/2008/2557
http://www.vupen.com/english/advisories/2009/2172
https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
https://usn.ubuntu.com/590-1/
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*
History

21 Nov 2024, 00:44

Type Values Removed Values Added
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc - () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc -
References () http://kb.vmware.com/kb/1006982 - () http://kb.vmware.com/kb/1006982 -
References () http://kb.vmware.com/kb/1007198 - () http://kb.vmware.com/kb/1007198 -
References () http://kb.vmware.com/kb/1007504 - () http://kb.vmware.com/kb/1007504 -
References () http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html - () http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html -
References () http://secunia.com/advisories/29410 - () http://secunia.com/advisories/29410 -
References () http://secunia.com/advisories/29475 - () http://secunia.com/advisories/29475 -
References () http://secunia.com/advisories/29497 - () http://secunia.com/advisories/29497 -
References () http://secunia.com/advisories/29506 - () http://secunia.com/advisories/29506 -
References () http://secunia.com/advisories/29656 - () http://secunia.com/advisories/29656 -
References () http://secunia.com/advisories/29677 - () http://secunia.com/advisories/29677 -
References () http://secunia.com/advisories/29698 - () http://secunia.com/advisories/29698 -
References () http://secunia.com/advisories/29940 - () http://secunia.com/advisories/29940 -
References () http://secunia.com/advisories/31204 - () http://secunia.com/advisories/31204 -
References () http://secunia.com/advisories/31869 - () http://secunia.com/advisories/31869 -
References () http://secunia.com/advisories/31878 - () http://secunia.com/advisories/31878 -
References () http://secunia.com/advisories/36096 - () http://secunia.com/advisories/36096 -
References () http://security.gentoo.org/glsa/glsa-200903-40.xml - () http://security.gentoo.org/glsa/glsa-200903-40.xml -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1 -
References () http://support.apple.com/kb/HT3757 - () http://support.apple.com/kb/HT3757 -
References () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118 - () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118 -
References () http://www.bzip.org/CHANGES - () http://www.bzip.org/CHANGES -
References () http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html - () http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html -
References () http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ - () http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ -
References () http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml - () http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml -
References () http://www.ipcop.org/index.php?name=News&file=article&sid=40 - () http://www.ipcop.org/index.php?name=News&file=article&sid=40 -
References () http://www.kb.cert.org/vuls/id/813451 - US Government Resource () http://www.kb.cert.org/vuls/id/813451 - US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:075 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:075 -
References () http://www.redhat.com/support/errata/RHSA-2008-0893.html - () http://www.redhat.com/support/errata/RHSA-2008-0893.html -
References () http://www.securityfocus.com/archive/1/489968/100/0/threaded - () http://www.securityfocus.com/archive/1/489968/100/0/threaded -
References () http://www.securityfocus.com/archive/1/498863/100/0/threaded - () http://www.securityfocus.com/archive/1/498863/100/0/threaded -
References () http://www.securityfocus.com/bid/28286 - Exploit () http://www.securityfocus.com/bid/28286 - Exploit
References () http://www.securitytracker.com/id?1020867 - () http://www.securitytracker.com/id?1020867 -
References () http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 - () http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 -
References () http://www.us-cert.gov/cas/techalerts/TA09-218A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-218A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2008/0915 - () http://www.vupen.com/english/advisories/2008/0915 -
References () http://www.vupen.com/english/advisories/2008/2557 - () http://www.vupen.com/english/advisories/2008/2557 -
References () http://www.vupen.com/english/advisories/2009/2172 - () http://www.vupen.com/english/advisories/2009/2172 -
References () https://bugs.gentoo.org/attachment.cgi?id=146488&action=view - () https://bugs.gentoo.org/attachment.cgi?id=146488&action=view -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41249 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41249 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467 -
References () https://usn.ubuntu.com/590-1/ - () https://usn.ubuntu.com/590-1/ -
References () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html - () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html - () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html -
Information

Published : 2008-03-18 21:44

Updated : 2024-11-21 00:44

NVD link : CVE-2008-1372

Mitre link : CVE-2008-1372

CVE.ORG link : CVE-2008-1372

JSON object : View

Products Affected

bzip

  • bzip2
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024