Lucene search

[email protected]CVE-2008-1372

HistoryMar 18, 2008 - 9:44 p.m.

CVE-2008-1372

2008-03-1821:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1372

bzip2

buffer over-read

denial of service

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.086 Low

EPSS

Percentile

94.5%

JSON

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CPENameOperatorVersion
bzip:bzip2bzip bzip2eq1.0
bzip:bzip2bzip bzip2eq0.9_a
bzip:bzip2bzip bzip2eq0.9.5d
bzip:bzip2bzip bzip2eq0.9_c
bzip:bzip2bzip bzip2eq1.0.3
bzip:bzip2bzip bzip2eq1.0.2
bzip:bzip2bzip bzip2eq0.9.5a
bzip:bzip2bzip bzip2eq0.9.5b
bzip:bzip2bzip bzip2eq0.9
bzip:bzip2bzip bzip2eq1.0.1

CPE	Name	Operator	Version
bzip:bzip2	bzip bzip2	eq	1.0
bzip:bzip2	bzip bzip2	eq	0.9_a
bzip:bzip2	bzip bzip2	eq	0.9.5d
bzip:bzip2	bzip bzip2	eq	0.9_c
bzip:bzip2	bzip bzip2	eq	1.0.3
bzip:bzip2	bzip bzip2	eq	1.0.2
bzip:bzip2	bzip bzip2	eq	0.9.5a
bzip:bzip2	bzip bzip2	eq	0.9.5b
bzip:bzip2	bzip bzip2	eq	0.9
bzip:bzip2	bzip bzip2	eq	1.0.1

Rows per page:

1-10 of 121

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc

kb.vmware.com/kb/1006982

kb.vmware.com/kb/1007198

kb.vmware.com/kb/1007504

lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

secunia.com/advisories/29410

secunia.com/advisories/29475

secunia.com/advisories/29497

secunia.com/advisories/29506

secunia.com/advisories/29656

secunia.com/advisories/29677

secunia.com/advisories/29698

secunia.com/advisories/29940

secunia.com/advisories/31204

secunia.com/advisories/31869

secunia.com/advisories/31878

secunia.com/advisories/36096

security.gentoo.org/glsa/glsa-200903-40.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1

support.apple.com/kb/HT3757

wiki.rpath.com/wiki/Advisories:rPSA-2008-0118

www.bzip.org/CHANGES

www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

www.gentoo.org/security/en/glsa/glsa-200804-02.xml

www.ipcop.org/index.php?name=News&file=article&sid=40

www.kb.cert.org/vuls/id/813451

www.mandriva.com/security/advisories?name=MDVSA-2008:075

www.redhat.com/support/errata/RHSA-2008-0893.html

www.securityfocus.com/archive/1/489968/100/0/threaded

www.securityfocus.com/archive/1/498863/100/0/threaded

www.securityfocus.com/bid/28286

www.securitytracker.com/id?1020867

www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263

www.us-cert.gov/cas/techalerts/TA09-218A.html

www.vupen.com/english/advisories/2008/0915

www.vupen.com/english/advisories/2008/2557

www.vupen.com/english/advisories/2009/2172

bugs.gentoo.org/attachment.cgi?id=146488&action=view

exchange.xforce.ibmcloud.com/vulnerabilities/41249

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467

usn.ubuntu.com/590-1/

www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.086 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2008-1372

nessus21 openvas49 cvelist1 gentoo2 ubuntu1 f52 redhat1 freebsd1 securityvulns4 prion1 altlinux1 oraclelinux1 fedora2 ubuntucve1 debiancve1 centos2 slackware1 vmware2 seebug1 kitploit1