bzip bzip2 1.0.1

CPE Details

bzip bzip2 1.0.1
bzip
bzip2
1.0.1
2020-11-17
19h37 +00:00
2020-11-17
19h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*

Informations

Vendor

bzip

Product

bzip2

Version

1.0.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-12900 2019-06-19 20h07 +00:00 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
9.8
Critical
CVE-2011-4089 2014-04-16 16h00 +00:00 The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
4.6
CVE-2010-0405 2010-09-28 15h00 +00:00 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
5.1
CVE-2008-1372 2008-03-18 20h00 +00:00 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
4.3
CVE-2005-1260 2005-05-19 02h00 +00:00 bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
5
CVE-2005-0953 2005-04-03 03h00 +00:00 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
3.7
CVE-2002-0759 2003-04-02 03h00 +00:00 bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
5
CVE-2002-0760 2003-04-02 03h00 +00:00 Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
1.2
CVE-2002-0761 2003-04-02 03h00 +00:00 bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
2.1