cbcvebase.
CVE-2011-4089
published 2014-04-16

Priority: P4, 26, medium
CVSS 2.0: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.04% (59.8th percentile)

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Affected

10 ranges
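| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| bzip | bzip2 | <= 1.0.4 | |
| bzip | bzip2 | | |
| bzip | bzip2 | | |
| bzip | bzip2 | | |
| bzip | bzip2 | | |
| bzip | bzip2 | >= 0 < 1.0.6-1 | 1.0.6-1 |
| bzip | bzip2 | >= 0 < 1.0.6-1 | 1.0.6-1 |
| bzip | bzip2 | >= 0 < 1.0.6-1 | 1.0.6-1 |
| bzip | bzip2 | >= 0 < 1.0.6-1 | 1.0.6-1 |
| debian | bzip2 | < bzip2 1.0.6-1 (bookworm) | bzip2 1.0.6-1 (bookworm) |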

CVSS provenance

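| Source | Version | Score | Severity | Vector |
|--------|---------|-------|----------|--------|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 4.6 | MEDIUM | |
| vendor_debian | | 4.6 | LOW | |
| vendor_redhat | | 4.6 | MEDIUM | |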