CVE-2005-1260 — Uncontrolled Resource Consumption in Bzip2

CWE-400 — Uncontrolled Resource Consumption8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

9.8%

top 7.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bzip Bzip2 Apple MAC OS X Debian Bzip2 +2 more

Timeline

PublishedMay 19

Latest updateMay 3

Description

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDbzip/bzip2< 1.0.3

▶debiandebian/bzip2< bzip2 1.0.2-7 (bookworm)

▶Debianbzip/bzip2< 1.0.2-7+3

▶NVDapple/mac_os_x< 10.4.11

Also affects: Debian Linux 3.0, 3.1, Ubuntu Linux 4.10, 5.04

🔴Vulnerability Details

GHSA

GHSA-q292-6rrq-qv64: bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a↗2022-05-03

▶

OSV

CVE-2005-1260: bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a↗2005-05-19

▶

📋Vendor Advisories

BSD

FreeBSD-SA-05:14.bzip2: bzip2 denial of service and permission race vulnerabilities↗2005-06-29

▶

Ubuntu

bzip2 vulnerabilities↗2005-05-17

▶

Red Hat

security flaw↗2005-02-15

▶

Debian

CVE-2005-1260: bzip2 - bzip2 allows remote attackers to cause a denial of service (hard drive consumpti...↗2005

▶

💬Community

Bugzilla

CVE-2005-1260 security flaw↗2018-08-16

▶