CVE - CVE-2008-1372

CVE-ID
CVE-2008-1372	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 URL:http://www.securityfocus.com/archive/1/498863/100/0/threaded BUGTRAQ:20080321 rPSA-2008-0118-1 bzip2 URL:http://www.securityfocus.com/archive/1/489968/100/0/threaded MISC:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ CONFIRM:https://bugs.gentoo.org/attachment.cgi?id=146488&action=view CONFIRM:http://www.bzip.org/CHANGES CONFIRM:http://www.ipcop.org/index.php?name=News&file=article&sid=40 CONFIRM:http://kb.vmware.com/kb/1006982 CONFIRM:http://kb.vmware.com/kb/1007198 CONFIRM:http://kb.vmware.com/kb/1007504 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118 CONFIRM:http://support.apple.com/kb/HT3757 APPLE:APPLE-SA-2009-08-05-1 URL:http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html FEDORA:FEDORA-2008-2970 URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html FEDORA:FEDORA-2008-3037 URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html GENTOO:GLSA-200804-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml GENTOO:GLSA-200903-40 URL:http://security.gentoo.org/glsa/glsa-200903-40.xml MANDRIVA:MDVSA-2008:075 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:075 NETBSD:NetBSD-SA2008-004 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc REDHAT:RHSA-2008:0893 URL:http://www.redhat.com/support/errata/RHSA-2008-0893.html SLACKWARE:SSA:2008-098-02 URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263 SUNALERT:241786 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1 SUSE:SUSE-SR:2008:011 URL:http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html UBUNTU:USN-590-1 URL:https://usn.ubuntu.com/590-1/ CERT:TA09-218A URL:http://www.us-cert.gov/cas/techalerts/TA09-218A.html CERT-VN:VU#813451 URL:http://www.kb.cert.org/vuls/id/813451 BID:28286 URL:http://www.securityfocus.com/bid/28286 OVAL:oval:org.mitre.oval:def:10067 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067 OVAL:oval:org.mitre.oval:def:6467 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467 SECUNIA:29497 URL:http://secunia.com/advisories/29497 SECUNIA:36096 URL:http://secunia.com/advisories/36096 VUPEN:ADV-2008-0915 URL:http://www.vupen.com/english/advisories/2008/0915 VUPEN:ADV-2008-2557 URL:http://www.vupen.com/english/advisories/2008/2557 SECTRACK:1020867 URL:http://www.securitytracker.com/id?1020867 SECUNIA:29475 URL:http://secunia.com/advisories/29475 SECUNIA:29410 URL:http://secunia.com/advisories/29410 SECUNIA:29506 URL:http://secunia.com/advisories/29506 SECUNIA:29677 URL:http://secunia.com/advisories/29677 SECUNIA:29698 URL:http://secunia.com/advisories/29698 SECUNIA:29656 URL:http://secunia.com/advisories/29656 SECUNIA:29940 URL:http://secunia.com/advisories/29940 SECUNIA:31204 URL:http://secunia.com/advisories/31204 SECUNIA:31869 URL:http://secunia.com/advisories/31869 SECUNIA:31878 URL:http://secunia.com/advisories/31878 VUPEN:ADV-2009-2172 URL:http://www.vupen.com/english/advisories/2009/2172 XF:bzip2-archives-code-execution(41249) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Assigning CNA
N/A
Date Entry Created
20080318	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org