CVE-2009-1884

2009-08-1917:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.007

Percentile

80.1%

JSON

Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.

Affected configurations

Nvd

Node

bzipcompress-raw-bzip2Range≤2.017

bzipcompress-raw-bzip2Match2.0.00_10

bzipcompress-raw-bzip2Match2.0.00_12

bzipcompress-raw-bzip2Match2.0.00_14

bzipcompress-raw-bzip2Match2.0.01

bzipcompress-raw-bzip2Match2.0.02

bzipcompress-raw-bzip2Match2.0.03

bzipcompress-raw-bzip2Match2.0.05

bzipcompress-raw-bzip2Match2.0.06

bzipcompress-raw-bzip2Match2.0.08

bzipcompress-raw-bzip2Match2.0.09

bzipcompress-raw-bzip2Match2.010

bzipcompress-raw-bzip2Match2.011

bzipcompress-raw-bzip2Match2.012

bzipcompress-raw-bzip2Match2.014

bzipcompress-raw-bzip2Match2.015

AND

perlperl

VendorProductVersionCPE
bzipcompress-raw-bzip2*cpe:2.3:a:bzip:compress-raw-bzip2:*:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.00_10cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_10:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.00_12cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_12:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.00_14cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_14:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.01cpe:2.3:a:bzip:compress-raw-bzip2:2.0.01:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.02cpe:2.3:a:bzip:compress-raw-bzip2:2.0.02:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.03cpe:2.3:a:bzip:compress-raw-bzip2:2.0.03:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.05cpe:2.3:a:bzip:compress-raw-bzip2:2.0.05:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.06cpe:2.3:a:bzip:compress-raw-bzip2:2.0.06:*:*:*:*:*:*:*
bzipcompress-raw-bzip22.0.08cpe:2.3:a:bzip:compress-raw-bzip2:2.0.08:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bzip	compress-raw-bzip2	*	cpe:2.3:a:bzip:compress-raw-bzip2::::::::
bzip	compress-raw-bzip2	2.0.00_10	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_10:::::::*
bzip	compress-raw-bzip2	2.0.00_12	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_12:::::::*
bzip	compress-raw-bzip2	2.0.00_14	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_14:::::::*
bzip	compress-raw-bzip2	2.0.01	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.01:::::::*
bzip	compress-raw-bzip2	2.0.02	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.02:::::::*
bzip	compress-raw-bzip2	2.0.03	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.03:::::::*
bzip	compress-raw-bzip2	2.0.05	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.05:::::::*
bzip	compress-raw-bzip2	2.0.06	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.06:::::::*
bzip	compress-raw-bzip2	2.0.08	cpe:2.3:a:bzip:compress-raw-bzip2:2.0.08:::::::*