PT-2002-2178 · Mozilla · Bugzilla

Published: 2002-10-28 · Updated: 2016-10-18 · CVE-2002-1196

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Bugzilla versions 2.14.x through 2.14.3; Bugzilla versions 2.16.x through 2.16.0
Description: The issue arises in the editproducts.cgi script of Bugzilla when the usebuggroups feature is enabled and more than 47 groups are specified. The script does not calculate bit values correctly for large numbers because of known features of Perl math, so the computed value can have multiple bits set. The miscalculation grants extra permissions to users.
Recommendations: For Bugzilla versions 2.14.x through 2.14.3, update to version 2.14.4 or later. For Bugzilla versions 2.16.x through 2.16.0, update to version 2.16.1 or later.
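
An audit for the condition described above, as an added example (not Bugzilla's code and not part of the advisory): it flags any group whose bit value is not exactly one bit and lists the groups whose bits it also carries. The `(name, bit)` row layout, the group names and the 15-significant-digit rounding used to construct the bad value are assumptions made for illustration.

```python
# Added example: audit group bit values for the multi-bit condition.
# The (name, bit) row layout is an assumption, not Bugzilla's schema.

def set_bits(value):
    """Return the positions of the bits set in a non-negative integer."""
    return [i for i in range(value.bit_length()) if (value >> i) & 1]


def audit_group_bits(rows):
    """Flag groups whose bit value is not exactly one bit.

    rows: iterable of (group_name, bit_value).
    Returns {group_name: [other groups whose bit this value also carries]}.
    """
    rows = list(rows)
    # Map each well-formed single-bit value to the group that owns it.
    owners = {bit: name for name, bit in rows
              if bit > 0 and bit & (bit - 1) == 0}
    findings = {}
    for name, bit in rows:
        if bit > 0 and bit & (bit - 1) == 0:
            continue  # exactly one bit set: well-formed
        findings[name] = [owners[1 << i] for i in set_bits(bit)
                          if (1 << i) in owners]
    return findings


def rounded_to_15_digits(value):
    """Assumed illustration of inexact math: keep 15 significant digits."""
    return int(float("%.15g" % value))


def sample_rows():
    """Constructed sample: 50 well-formed groups plus one inexact value."""
    rows = [("group%d" % i, 1 << i) for i in range(50)]
    rows.append(("newproduct", rounded_to_15_digits(1 << 50)))
    return rows


if __name__ == "__main__":
    for name, overlaps in audit_group_bits(sample_rows()).items():
        print("%s carries the bits of %d other groups: %s"
              % (name, len(overlaps), ", ".join(overlaps)))
```

Any group reported by `audit_group_bits` should have its bit value and its members' effective permissions reviewed after upgrading.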


Related Identifiers

CVE-2002-1196
DSA-173

Affected Products

Bugzilla