CVE-2010-0405: Integer Overflow or Wraparound in Bzip2

Severity
5.1 MEDIUM (NVD)
EPSS
7.7% (top 8.07%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 28, 2010
Latest update: May 2

Description

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Any program that decompresses untrusted .bz2 data with an affected library, directly or through a bundled copy, is exposed; the fix is in bzip2 1.0.6.
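The following is an added example, not code from cvebase or from the bzip2 project: a POSIX shell check that parses the banner printed by "bzip2 --version" and flags any version below 1.0.6 as affected by CVE-2010-0405. The banner format ("Version X.Y.Z, date") and the function names are assumptions made for this example; the only fact taken from the record above is the fixed version, 1.0.6.

```shell
#!/bin/sh
# Added example (not from cvebase or the bzip2 project): decide whether a
# bzip2/libbzip2 version is affected by CVE-2010-0405 (fixed in 1.0.6).
FIXED_VERSION="1.0.6"

# Extract "X.Y.Z" from the bzip2 banner, assumed to look like:
#   bzip2, a block-sorting file compressor.  Version 1.0.5, 10-Dec-2007.
bzip2_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Compare two dotted numeric versions component by component.
# Prints -1, 0 or 1 (a<b, a=b, a>b); missing components count as 0.
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    printf '%s\n' 0
}

# Exit status 0 when the version is older than 1.0.6 (affected), 1 otherwise.
bzip2_affected() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Check the bzip2 binary found in PATH. bzip2 prints its banner to stderr and
# then starts compressing stdin, so stdin is closed and stdout discarded.
# Exit status: 0 affected, 1 not affected, 2 no bzip2 found.
check_installed_bzip2() {
    command -v bzip2 >/dev/null 2>&1 || { echo "bzip2 not found in PATH"; return 2; }
    ver=$(bzip2_version_from_banner "$(bzip2 --version 2>&1 >/dev/null </dev/null)")
    if [ -z "$ver" ]; then echo "could not parse bzip2 version banner"; return 2; fi
    if bzip2_affected "$ver"; then
        echo "bzip2 $ver: AFFECTED by CVE-2010-0405 (upgrade to >= $FIXED_VERSION)"
        return 0
    fi
    echo "bzip2 $ver: not affected by CVE-2010-0405"
    return 1
}

# Run the live check only when invoked as: sh check_bzip2.sh --check
if [ "${1:-}" = "--check" ]; then check_installed_bzip2; fi
```

This checks the bzip2 command only. The separate Ubuntu advisories for dpkg and ClamAV listed below are a reminder that programs carrying their own copy of the library have to be checked independently of the system bzip2 package.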

CVSS vector (v2)

AV:N/AC:H/Au:N/C:P/I:P/A:P (Exploitability: 4.9 | Impact: 6.4)

Affected Packages (11 packages; 5 shown)

Debian: debian/bzip2 < bzip2 1.0.5-6 (bookworm)
Debian: bzip/bzip2 < 1.0.5-6+3
NVD: bzip/bzip2 1.0.5 (+21)
NVD: libzip2/libzip2 1.0.5
Debian: debian/clamav < bzip2 1.0.5-6 (bookworm)

Vulnerability Details (2)

GHSA: GHSA-44gv-7gp8-m9mw: Integer overflow in the BZ2_decompress function in decompress (2022-05-02)
OSV: CVE-2010-0405: Integer overflow in the BZ2_decompress function in decompress (2010-09-28)

Vendor Advisories (7; 5 shown)

VMware: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues (2012-03-15)
Ubuntu: dpkg vulnerability (2010-09-20)
Ubuntu: ClamAV vulnerability (2010-09-20)
Ubuntu: bzip2 vulnerability (2010-09-20)
BSD: FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression (2010-09-20)

Community (2)

Bugzilla: Update bzip2 in tree to 1.0.6 (2016-06-14)
Bugzilla: CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress (2010-08-27)
CVE-2010-0405 — Integer Overflow or Wraparound in Bzip2 | cvebase