Lucene search

K
nvd[email protected]NVD:CVE-2008-1372
HistoryMar 18, 2008 - 9:44 p.m.

CVE-2008-1372

2008-03-1821:44:00
CWE-119
web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

Low

EPSS

0.097

Percentile

94.8%

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Affected configurations

NVD
Node
bzipbzip2Match0.9
OR
bzipbzip2Match0.9.5a
OR
bzipbzip2Match0.9.5b
OR
bzipbzip2Match0.9.5c
OR
bzipbzip2Match0.9.5d
OR
bzipbzip2Match0.9_a
OR
bzipbzip2Match0.9_b
OR
bzipbzip2Match0.9_c
OR
bzipbzip2Match1.0
OR
bzipbzip2Match1.0.1
OR
bzipbzip2Match1.0.2
OR
bzipbzip2Match1.0.3

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

Low

EPSS

0.097

Percentile

94.8%