Vulnerability Details : CVE-2008-1372
Potential exploit
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2008-1372
- cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1372
- EPSS score: 10.06% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~95% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2008-1372
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2008-1372
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-1372
- Red Hat (2008-10-17): Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior: http://rhn.redhat.com/errata/RHSA-2008-0893.html
References for CVE-2008-1372
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html - [SECURITY] Fedora 8 Update: bzip2-1.0.4-13.fc8
- http://www.securitytracker.com/id?1020867
- http://support.apple.com/kb/HT3757 - About the security content of Security Update 2009-003 / Mac OS X v10.5.8 (Apple Support)
- http://kb.vmware.com/kb/1007504
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
- http://kb.vmware.com/kb/1006982
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html - [security-announce] SUSE Security Summary Report SUSE-SR:2008:011 (openSUSE Security Announce)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
- http://kb.vmware.com/kb/1007198
- http://www.vupen.com/english/advisories/2008/0915
- http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html - CERT-FI joint advisory on archive formats
- https://usn.ubuntu.com/590-1/
- http://www.kb.cert.org/vuls/id/813451 - CERT Vulnerability Notes Database
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://www.securityfocus.com/archive/1/489968/100/0/threaded
- http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml - bzip2: Denial of service (GLSA 200804-02), Gentoo security
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html - [SECURITY] Fedora 7 Update: bzip2-1.0.4-11.fc7
- https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:075 - Mandriva
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 - Slackware
- http://www.securityfocus.com/archive/1/498863/100/0/threaded
- http://www.bzip.org/CHANGES - bzip2 CHANGES
- http://security.gentoo.org/glsa/glsa-200903-40.xml - Analog: Denial of service (GLSA 200903-40), Gentoo security
- http://www.vupen.com/english/advisories/2009/2172
- http://www.vupen.com/english/advisories/2008/2557
- http://www.redhat.com/support/errata/RHSA-2008-0893.html - Red Hat Support
- http://www.securityfocus.com/bid/28286 (Exploit)
- http://www.us-cert.gov/cas/techalerts/TA09-218A.html - Apple Updates for Multiple Vulnerabilities | CISA
- http://www.ipcop.org/index.php?name=News&file=article&sid=40
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41249 - bzip2 archives code execution CVE-2008-1372 Vulnerability Report
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067