CVE-2010-0405

Severity

51%

Complexity

49%

Confidentiality

106%

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

bzip bzip2

First reported 14 years ago

2010-09-28 18:00:00

Last updated 6 years ago

2018-10-10 19:52:00

Affected Software

bzip bzip2 1.0.3

1.0.3

bzip bzip2 1.0.4

1.0.4

References

http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3

APPLE-SA-2011-03-21-1

FEDORA-2010-17439

FEDORA-2010-1512

SUSE-SR:2010:018

[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow

41452

Vendor Advisory

41505

42350

42404

42405

42529

42530

48378

GLSA-201301-05

http://support.apple.com/kb/HT4581

http://www.bzip.org/

RHSA-2010:0703

RHSA-2010:0858

20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console

USN-986-1

USN-986-2

USN-986-3

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

ADV-2010-2455

ADV-2010-3043

ADV-2010-3052

ADV-2010-3073

ADV-2010-3126

ADV-2010-3127

http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/

https://bugzilla.redhat.com/show_bug.cgi?id=627882

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.