Lucene search

K
cve[email protected]CVE-2008-1372
HistoryMar 18, 2008 - 9:44 p.m.

CVE-2008-1372

2008-03-1821:44:00
CWE-119
web.nvd.nist.gov
32
cve-2008-1372
bzip2
buffer over-read
denial of service
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9 High

AI Score

Confidence

High

0.097 Low

EPSS

Percentile

94.8%

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Affected configurations

NVD
Node
bzipbzip2Match0.9
OR
bzipbzip2Match0.9.5a
OR
bzipbzip2Match0.9.5b
OR
bzipbzip2Match0.9.5c
OR
bzipbzip2Match0.9.5d
OR
bzipbzip2Match0.9_a
OR
bzipbzip2Match0.9_b
OR
bzipbzip2Match0.9_c
OR
bzipbzip2Match1.0
OR
bzipbzip2Match1.0.1
OR
bzipbzip2Match1.0.2
OR
bzipbzip2Match1.0.3

References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9 High

AI Score

Confidence

High

0.097 Low

EPSS

Percentile

94.8%