CVE-2002-0759 — Bzip2 vulnerability

2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bzip Bzip2

Timeline

PublishedAug 12

Latest updateMay 3

Description

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbzip/bzip210 versions+9

Patches

Patch: ftp.freebsd.org ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-g25w-q4r5-m36r: bzip2 before 1↗2022-05-03

▶