Уязвимость CVE-2010-0405: Информация

Описание

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Важность: MEDIUM (5,1)

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:libzip2:libzip2:*:*:*:*:*:*:*:*

      End including

      1.0.5

      ---

      cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*

      End including

      1.0.5

      ---