Lucene search

K

[email protected]CVE-2010-0405

HistorySep 28, 2010 - 6:00 p.m.

CVE-2010-0405

2010-09-2818:00:00

CWE-189

[email protected]

web.nvd.nist.gov

64

cve-2010-0405

integer overflow

bz2_decompress

bzip2

libbzip2

dos

denial of service

arbitrary code execution

nvd

7.6 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

CPENameOperatorVersion
bzip:bzip2bzip bzip2eq1.0
bzip:bzip2bzip bzip2eq0.9.5_a
bzip:bzip2bzip bzip2eq0.9.5_d
bzip:bzip2bzip bzip2eq0.9.5_c
bzip:bzip2bzip bzip2eq0.9_a
bzip:bzip2bzip bzip2eq0.9.5d
bzip:bzip2bzip bzip2eq0.9.0a
bzip:bzip2bzip bzip2eq0.9.0
bzip:bzip2bzip bzip2eq0.9_c
bzip:bzip2bzip bzip2eq1.0.3

Rows per page:

1-10 of 231

References

blogs.sun.com/security/entry/cve_2010_0405_integer_overflow

git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

marc.info/?l=oss-security&m=128506868510655&w=2

secunia.com/advisories/41452

secunia.com/advisories/41505

secunia.com/advisories/42350

secunia.com/advisories/42404

secunia.com/advisories/42405

secunia.com/advisories/42529

secunia.com/advisories/42530

secunia.com/advisories/48378

security.gentoo.org/glsa/glsa-201301-05.xml

support.apple.com/kb/HT4581

www.bzip.org/

www.redhat.com/support/errata/RHSA-2010-0703.html

www.redhat.com/support/errata/RHSA-2010-0858.html

www.securityfocus.com/archive/1/515055/100/0/threaded

www.ubuntu.com/usn/usn-986-1

www.ubuntu.com/usn/USN-986-2

www.ubuntu.com/usn/USN-986-3

www.vmware.com/security/advisories/VMSA-2010-0019.html

www.vupen.com/english/advisories/2010/2455

www.vupen.com/english/advisories/2010/3043

www.vupen.com/english/advisories/2010/3052

www.vupen.com/english/advisories/2010/3073

www.vupen.com/english/advisories/2010/3126

www.vupen.com/english/advisories/2010/3127

xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/

bugzilla.redhat.com/show_bug.cgi?id=627882

wwws.clamav.net/bugzilla/show_bug.cgi?id=2230

wwws.clamav.net/bugzilla/show_bug.cgi?id=2231

7.6 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

Related for CVE-2010-0405

openvas45 fedora7 nessus39 freebsd1 debiancve1 ubuntu3 osv1 oraclelinux2 redhat2 f52 freebsd_advisory1 veracode1 ibm1 slackware1 centos1 debian2 altlinux1 securityvulns6 prion1 gentoo2 ubuntucve1 vmware4