CVE-2002-0761 — Bzip2 vulnerability

2 documents2 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 63.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bzip Bzip2

Timeline

PublishedAug 12

Latest updateMay 3

Description

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDbzip/bzip210 versions+9

Patches

Patch: ftp.freebsd.org ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-453c-44v9-38fg: bzip2 before 1↗2022-05-03

▶