CVE - CVE-2008-1372

CVE-ID
CVE-2008-1372	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-08-05-1 URL:http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html BID:28286 URL:http://www.securityfocus.com/bid/28286 BUGTRAQ:20080321 rPSA-2008-0118-1 bzip2 URL:http://www.securityfocus.com/archive/1/489968/100/0/threaded BUGTRAQ:20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 URL:http://www.securityfocus.com/archive/1/498863/100/0/threaded CERT:TA09-218A URL:http://www.us-cert.gov/cas/techalerts/TA09-218A.html CERT-VN:VU#813451 URL:http://www.kb.cert.org/vuls/id/813451 CONFIRM:http://kb.vmware.com/kb/1006982 CONFIRM:http://kb.vmware.com/kb/1007198 CONFIRM:http://kb.vmware.com/kb/1007504 CONFIRM:http://support.apple.com/kb/HT3757 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118 CONFIRM:http://www.bzip.org/CHANGES CONFIRM:http://www.ipcop.org/index.php?name=News&file=article&sid=40 CONFIRM:https://bugs.gentoo.org/attachment.cgi?id=146488&action=view FEDORA:FEDORA-2008-2970 URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html FEDORA:FEDORA-2008-3037 URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html GENTOO:GLSA-200804-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml GENTOO:GLSA-200903-40 URL:http://security.gentoo.org/glsa/glsa-200903-40.xml MANDRIVA:MDVSA-2008:075 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:075~~ (Obsolete source) MISC:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ NETBSD:NetBSD-SA2008-004 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc OVAL:oval:org.mitre.oval:def:10067 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067 OVAL:oval:org.mitre.oval:def:6467 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467 REDHAT:RHSA-2008:0893 URL:http://www.redhat.com/support/errata/RHSA-2008-0893.html SECTRACK:1020867 URL:http://www.securitytracker.com/id?1020867 SECUNIA:29410 URL:http://secunia.com/advisories/29410 SECUNIA:29475 URL:http://secunia.com/advisories/29475 SECUNIA:29497 URL:http://secunia.com/advisories/29497 SECUNIA:29506 URL:http://secunia.com/advisories/29506 SECUNIA:29656 URL:http://secunia.com/advisories/29656 SECUNIA:29677 URL:http://secunia.com/advisories/29677 SECUNIA:29698 URL:http://secunia.com/advisories/29698 SECUNIA:29940 URL:http://secunia.com/advisories/29940 SECUNIA:31204 URL:http://secunia.com/advisories/31204 SECUNIA:31869 URL:http://secunia.com/advisories/31869 SECUNIA:31878 URL:http://secunia.com/advisories/31878 SECUNIA:36096 URL:http://secunia.com/advisories/36096 SLACKWARE:SSA:2008-098-02 URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 SUNALERT:241786 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1~~ (Obsolete source) SUSE:SUSE-SR:2008:011 URL:http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html UBUNTU:USN-590-1 URL:https://usn.ubuntu.com/590-1/ VUPEN:ADV-2008-0915 URL:~~http://www.vupen.com/english/advisories/2008/0915~~ (Obsolete source) VUPEN:ADV-2008-2557 URL:~~http://www.vupen.com/english/advisories/2008/2557~~ (Obsolete source) VUPEN:ADV-2009-2172 URL:~~http://www.vupen.com/english/advisories/2009/2172~~ (Obsolete source) XF:bzip2-archives-code-execution(41249) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Assigning CNA
MITRE Corporation
Date Record Created
20080318	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)