CVE-2016-3189Use After Free in Bzip2

CWE-416Use After Free18 documents10 sources
Severity
6.5MEDIUMNVD
OSV5.5
EPSS
23.7%
top 3.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Bzip Bzip2PythonDebian Bzip2+4 more
Timeline
PublishedJun 30
Latest updateDec 14

Description

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

debiandebian/bzip2< bzip2 1.0.6-8.1 (bookworm)
Debianbzip/bzip2< 1.0.6-8.1+3
Ubuntubzip/bzip2< 1.0.6-8ubuntu0.1+2
NVDbzip/bzip21.0.6

🔴Vulnerability Details

5
GHSA
GHSA-mg3q-2g68-qp7w: Use-after-free vulnerability in bzip2recover in bzip2 12022-05-13
OSV
bzip2 vulnerabilities2019-06-26
OSV
bzip2 vulnerabilities2019-06-26
OSV
linux-lts-xenial vulnerabilities2017-02-03
OSV
CVE-2016-3189: Use-after-free vulnerability in bzip2recover in bzip2 12016-06-30

📋Vendor Advisories

7
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.12023-12-14
BSD
FreeBSD-SA-19:18.bzip2: Multiple vulnerabilities in bzip22019-08-06
Ubuntu
bzip2 vulnerabilities2019-06-26
Ubuntu
bzip2 vulnerabilities2019-06-26
Red Hat
bzip2: heap use after free in bzip2recover2016-06-20

💬Community

5
Bugzilla
bzip2: index out of bounds [@BZ2_decompress]2016-08-15
Bugzilla
CVE-2016-3189 mingw-bzip2: bzip2: heap use after free in bzip2recover [fedora-all]2016-06-20
Bugzilla
CVE-2016-3189 bzip2: heap use after free in bzip2recover [fedora-all]2016-06-20
Bugzilla
CVE-2016-3189 mingw-bzip2: bzip2: heap use after free in bzip2recover [epel-7]2016-06-20
Bugzilla
CVE-2016-3189 bzip2: heap use after free in bzip2recover2016-03-21
CVE-2016-3189 — Use After Free in Debian Bzip2 | cvebase