CVE-2009-1884 — Off-by-one Error in Libcompress-raw-bzip2-perl

CWE-193 — Off-by-one Error6 documents6 sources

Severity

4.3MEDIUMNVD

OSV6.8

EPSS

1.3%

top 20.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libcompress-raw-bzip2-perl Bzip Compress-raw-bzip2

Timeline

PublishedAug 19

Latest updateMay 2

Description

Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/libcompress-raw-bzip2-perl< libcompress-raw-bzip2-perl 2.018-1 (bookworm)

▶NVDbzip/compress-raw-bzip22.017+15

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-4x36-p66f-4f99: Off-by-one error in the bzinflate function in Bzip2↗2022-05-02

▶

OSV

CVE-2009-1884: Off-by-one error in the bzinflate function in Bzip2↗2009-08-19

▶

📋Vendor Advisories

Red Hat

perl-Compress-Raw-Bzip2: Off-by-one error in the bzinflate function - DoS (crash)↗2009-08-18

▶

Debian

CVE-2009-1884: libcompress-raw-bzip2-perl - Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2...↗2009

▶

💬Community

Bugzilla

CVE-2009-1884 perl-Compress-Raw-Bzip2: Off-by-one error in the bzinflate function - DoS (crash)↗2009-08-19

▶