9.8

CVE-2019-12900

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BzipBzip2 Version <= 1.0.6
DebianDebian Linux Version8.0
OpensuseLeap Version15.0
OpensuseLeap Version15.1
CanonicalUbuntu Linux Version12.04
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
FreebsdFreebsd Version11.2 Update-
FreebsdFreebsd Version11.2 Updatep10
FreebsdFreebsd Version11.2 Updatep11
FreebsdFreebsd Version11.2 Updatep12
FreebsdFreebsd Version11.2 Updatep2
FreebsdFreebsd Version11.2 Updatep3
FreebsdFreebsd Version11.2 Updatep4
FreebsdFreebsd Version11.2 Updatep5
FreebsdFreebsd Version11.2 Updatep6
FreebsdFreebsd Version11.2 Updatep7
FreebsdFreebsd Version11.2 Updatep8
FreebsdFreebsd Version11.2 Updatep9
FreebsdFreebsd Version11.2 Updaterc3
FreebsdFreebsd Version11.3 Update-
FreebsdFreebsd Version11.3 Updatep1
FreebsdFreebsd Version12.0 Update-
FreebsdFreebsd Version12.0 Updatep1
FreebsdFreebsd Version12.0 Updatep2
FreebsdFreebsd Version12.0 Updatep3
FreebsdFreebsd Version12.0 Updatep4
FreebsdFreebsd Version12.0 Updatep5
FreebsdFreebsd Version12.0 Updatep6
FreebsdFreebsd Version12.0 Updatep7
FreebsdFreebsd Version12.0 Updatep8
PythonPython Version >= 3.7.0 < 3.7.13
PythonPython Version >= 3.8.0 < 3.8.13
PythonPython Version >= 3.9.0 < 3.9.11
PythonPython Version >= 3.10.0 < 3.10.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.04% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Aug/4
Patch
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jul/22
Third Party Advisory
Mailing List
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
Patch
Third Party Advisory
https://usn.ubuntu.com/4038-1/
Third Party Advisory
https://usn.ubuntu.com/4038-2/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
Third Party Advisory
Mailing List
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
Third Party Advisory
Mailing List
https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4146-1/
Third Party Advisory
https://usn.ubuntu.com/4146-2/
Third Party Advisory