CVE-2009-1884

Name of the Vulnerable Software and Affected Versions: Compress-Raw-Bzip2 module versions prior to 2.018

Description: The issue is related to an off-by-one error in the bzinflate function in Bzip2.xs, which can be exploited by context-dependent attackers to cause a denial of service, resulting in an application hang or crash. This can be achieved through a crafted bzip2 compressed stream that triggers a buffer overflow.

Recommendations: For versions prior to 2.018, update to version 2.018 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bzinflate function in Bzip2.xs to minimize the risk of exploitation.