AI Score: 8.2 High (Confidence: High)
CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.027 Low (Percentile: 89.5%)
Description
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. (CVE-2010-0405)
Impact
This vulnerability may allow unauthorized users to disclose or modify information or allow a disruption of service.
Status
F5 Product Development has assigned ID 339396 (BIG-IP) and ID 474395 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
---|---|---|---
BIG-IP LTM | 10.0.0 - 10.2.4 | 11.0.0 - 11.6.0 | bzip2 utility
BIG-IP AAM | None | 11.4.0 - 11.6.0 | None
BIG-IP AFM | None | 11.3.0 - 11.6.0 | None
BIG-IP Analytics | None | 11.0.0 - 11.6.0 | None
BIG-IP APM | 10.1.0 - 10.2.4 | 11.0.0 - 11.6.0 | bzip2 utility
BIG-IP ASM | 10.0.0 - 10.2.4 | 11.0.0 - 11.6.0 | bzip2 utility
BIG-IP Edge Gateway | 10.1.0 - 10.2.4 | 11.0.0 - 11.3.0 | bzip2 utility
BIG-IP GTM | 10.0.0 - 10.2.4 | 11.0.0 - 11.6.0 | bzip2 utility
BIG-IP Link Controller | 10.0.0 - 10.2.4 | 11.0.0 - 11.6.0 | bzip2 utility
BIG-IP PEM | None | 11.3.0 - 11.6.0 | None
BIG-IP PSM | 10.0.0 - 10.2.4 | 11.0.0 - 11.4.1 | bzip2 utility
BIG-IP WebAccelerator | 10.0.0 - 10.2.4 | 11.0.0 - 11.3.0 | bzip2 utility
BIG-IP WOM | 10.0.0 - 10.2.4 | 11.0.0 - 11.3.0 | bzip2 utility
ARX | None | 6.0.0 - 6.4.0 | None
Enterprise Manager | 2.1.0 - 2.3.0 | 3.0.0 - 3.1.1 | bzip2 utility
FirePass | None | 7.0.0; 6.0.0 - 6.1.0 | None
BIG-IQ Cloud | None | 4.0.0 - 4.4.0 | None
BIG-IQ Device | None | 4.2.0 - 4.4.0 | None
BIG-IQ Security | None | 4.0.0 - 4.4.0 | None
Recommended action
BIG-IP and Enterprise Manager
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.
Supplemental Information