PT-2016-3293 · Julian Seward+8 · Bzip2+8

Publicado

2016-06-30

·

Atualizado

2025-11-14

·

CVE-2019-12900

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions bzip2 versions 1.0.6 and earlier
Description The issue is related to an out-of-bounds write in the BZ2 decompress function in decompress.c when there are many selectors. This can lead to memory corruption, resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. The exploitation of this bug relies on an undefined behavior that appears to be handled safely by current compilers.
Recommendations For bzip2 versions 1.0.6 and earlier, consider updating to a newer version to mitigate the risk. As a temporary workaround, restrict access to untrusted bzip2 payloads to minimize the risk of exploitation. Avoid using the BZ2 decompress function in decompress.c until the issue is resolved.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2024:8922
ALSA-2025:0733
ALSA-2025:0925
ALT-PU-2019-2602
ALT-PU-2019-2613
ALT-PU-2020-1417
ALT-PU-2020-3317
ALT-PU-2020-3353
ALT-PU-2022-1530
ALT-PU-2023-1518
ALT-PU-2024-2598
ALT-PU-2024-3474
BDU:2019-02881
CESA-2024_8922
CESA-2025_0733
CVE-2019-12900
DLA-1833-1
DLA-1833-2
DLA-1953-1
DLA-1953-2
HSEC-2024-0002
INFSA-2024_8922
INFSA-2025_0733
INFSA-2025_0925
MGASA-2019-0328
MGASA-2019-0338
OPENSUSE-SU-2019:1781-1
OPENSUSE-SU-2019:1918-1
OPENSUSE-SU-2019:2595-1
OPENSUSE-SU-2019:2597-1
OPENSUSE-SU-2019_1781-1
OPENSUSE-SU-2019_1918-1
OPENSUSE-SU-2019_2595-1
OPENSUSE-SU-2019_2597-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10667-1
OPENSUSE-SU-2024:10685-1
PSF-2016-5
PSF-2019-4
RHSA-2024:10803
RHSA-2024:8922
RHSA-2024_8922
RHSA-2025:0733
RHSA-2025:0925
RHSA-2025_0733
RHSA-2025_0925
RLSA-2024:8922
RLSA-2025:0733
RLSA-2025:0925
SUSE-SU-2019:14122-1
SUSE-SU-2019:14139-1
SUSE-SU-2019:14231-1
SUSE-SU-2019:1846-1
SUSE-SU-2019:1955-1
SUSE-SU-2019:2004-1
SUSE-SU-2019:2013-1
SUSE-SU-2019:2013-2
SUSE-SU-2019:3053-1
SUSE-SU-2019:3066-1
SUSE-SU-2019_14122-1
SUSE-SU-2019_14139-1
SUSE-SU-2019_14231-1
SUSE-SU-2019_1846-1
SUSE-SU-2019_2013-1
SUSE-SU-2020:3729-1
SUSE-SU-2020:3790-1
SUSE-SU-2020:3918-1
SUSE-SU-2020_3918-1
USN-4038-1
USN-4038-2
USN-4038-3
USN-4038-4
USN-4146-1
USN-4146-2

Produtos afetados

Alt Linux
Almalinux
Centos
Freebsd
Red Hat
Rocky Linux
Suse
Ubuntu
Bzip2