CVE-2016-3189
published 2016-06-30
CVE-2016-3189: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to…
Priority P334 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
15.68%
96.4th percentile
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | — | — |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8ubuntu0.1 | 1.0.6-8ubuntu0.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1ubuntu0.1 | 1.0.6-8.1ubuntu0.1 |
| bzip | bzip2 | >= 0 < 1.0.6-5ubuntu0.1~esm1 | 1.0.6-5ubuntu0.1~esm1 |
| debian | bzip2 | < bzip2 1.0.6-8.1 (bookworm) | bzip2 1.0.6-8.1 (bookworm) |
| msrc | azl3_perl-compress-bzip2_2.28-3_on_azure_linux_3.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_bzip2_1.0.6-15_on_cbl_mariner_1.0 | — | — |
| python | python | >= 3.10.0 < 3.10.3 | 3.10.3 |
| python | python | >= 3.7.0 < 3.7.13 | 3.7.13 |
| python | python | >= 3.8.0 < 3.8.13 | 3.8.13 |
| python | python | >= 3.9.0 < 3.9.11 | 3.9.11 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 6.5 MEDIUM
vendor_debian · 6.5 LOW
vendor_msrc · 6.5 MEDIUM
vendor_redhat · 6.5 MEDIUM
vendor_ubuntu · 6.5 MEDIUM
GHSA
GHSA-mg3q-2g68-qp7w: Use-after-free vulnerability in bzip2recover in bzip2 1
ghsa_unreviewed·2022-05-13
CVE-2016-3189 [MEDIUM] CWE-416 GHSA-mg3q-2g68-qp7w: Use-after-free vulnerability in bzip2recover in bzip2 1
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
OSV
bzip2 vulnerabilities
osv·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
OSV
bzip2 vulnerabilities
osv·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
OSV
linux-lts-xenial vulnerabilities
osv·2017-02-03·CVSS 5.5
USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Mikulas Patocka discovered that the asynchronous multibuffer cryptographic
daemon (mcryptd) in the Linux kernel did not properly handle being invoked
with incompatible algorithms. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-10147)
Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)
OSV
CVE-2016-3189: Use-after-free vulnerability in bzip2recover in bzip2 1
osv·2016-06-30·CVSS 6.5
CVE-2016-3189 [MEDIUM] CVE-2016-3189: Use-after-free vulnerability in bzip2recover in bzip2 1
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
BSD
FreeBSD-SA-19:18.bzip2: Multiple vulnerabilities in bzip2
bsd_advisories·2019-08-06·CVSS 6.5
CVE-2016-3189 [MEDIUM] FreeBSD-SA-19:18.bzip2: Multiple vulnerabilities in bzip2
FreeBSD-SA-19:18.bzip2 Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in bzip2
Category: contrib
Module: bzip2
Announced: 2019-08-06
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE)
2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9)
2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE)
2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2)
2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13)
CVE Name: CVE-2016-3189, CVE-2019-12900
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and
decompress files using an a
Ubuntu
bzip2 vulnerabilities
vendor_ubuntu·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
Title: bzip2 vulnerabilities
Summary: Several security issues were fixed in bzip2.
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
bzip2 vulnerabilities
vendor_ubuntu·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
Title: bzip2 vulnerabilities
Summary: Several security issues were fixed in bzip2.
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
bzip2: heap use after free in bzip2recover
vendor_redhat·2016-06-20·CVSS 6.5
CVE-2016-3189 [MEDIUM] CWE-416 bzip2: heap use after free in bzip2recover
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. An attacker could use this flaw by sending a specially crafted bzip2 file to recover and force the program to crash.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: b
Microsoft
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file related to block ends set to before the start of the b
vendor_msrc·2016-06-14·CVSS 6.5
CVE-2016-3189 [MEDIUM] Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file related to block ends set to before the start of the b
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file related to block ends set to before the start of the block.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will updat
Debian
CVE-2016-3189: bzip2 - Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attack...
vendor_debian·2016·CVSS 6.5
CVE-2016-3189 [MEDIUM] CVE-2016-3189: bzip2 - Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attack...
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Scope: local
bookworm: resolved (fixed in 1.0.6-8.1)
bullseye: resolved (fixed in 1.0.6-8.1)
forky: resolved (fixed in 1.0.6-8.1)
sid: resolved (fixed in 1.0.6-8.1)
trixie: resolved (fixed in 1.0.6-8.1)
No detection rules found.
No public exploits indexed.
Bugzilla
bzip2: index out of bounds [@BZ2_decompress]
bugzilla·2016-08-15·CVSS 6.5
[MEDIUM] bzip2: index out of bounds [@BZ2_decompress]
Created attachment 8781246
test_case.bz2
This was found while fuzzing bzip2 1.0.6. I was using a 32-bit build with UBSan.
To build I used:
CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -m32 -g" LDFLAGS="-m32 -fsanitize=undefined" make
To run:
$ UBSAN_OPTIONS=print_stacktrace=1 ./bzip2 -dkc test_case.bz2
decompress.c:299:10: runtime error: index 18002 out of bounds for type 'UChar [18002]'
#0 0x81cfa1e in BZ2_decompress /home/user/Desktop/bzip2-1.0.6/decompress.c:299:28
#1 0x816830a in BZ2_bzDecompress /home/user/Desktop/bzip2-1.0.6/bzlib.c:843:20
#2 0x817519d in BZ2_bzRead /home/user/Desktop/bzip2-1.0.6/bzlib.c:1201:13
#3 0x814389c in uncompressStream /home/user/Desktop/bzip2-1.0.6/bzip2.c:462:18
#4 0x814389c in uncompress /h
Bugzilla
CVE-2016-3189 mingw-bzip2: bzip2: heap use after free in bzip2recover [fedora-all]
bugzilla·2016-06-20·CVSS 6.5
CVE-2016-3189 [MEDIUM] CVE-2016-3189 mingw-bzip2: bzip2: heap use after free in bzip2recover [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported version
Bugzilla
CVE-2016-3189 bzip2: heap use after free in bzip2recover [fedora-all]
bugzilla·2016-06-20·CVSS 6.5
CVE-2016-3189 [MEDIUM] CVE-2016-3189 bzip2: heap use after free in bzip2recover [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-3189 mingw-bzip2: bzip2: heap use after free in bzip2recover [epel-7]
bugzilla·2016-06-20·CVSS 6.5
CVE-2016-3189 [MEDIUM] CVE-2016-3189 mingw-bzip2: bzip2: heap use after free in bzip2recover [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Bugzilla
CVE-2016-3189 bzip2: heap use after free in bzip2recover
bugzilla·2016-03-21·CVSS 6.5
CVE-2016-3189 [MEDIUM] CVE-2016-3189 bzip2: heap use after free in bzip2recover
A heap use after free vulnerability was reported in bzip2recover. A maliciously crafted file could cause the application to crash.
Proposed patch attached.
== ASAN output & backtrace ==
bzip2recover 1.0.6: extracts blocks from damaged .bz2 files.
/opt/bzip-asan/bin/bzip2recover: searching for block boundaries ...
block 1 runs from 176 to 175
block 2 runs from 224 to 871
block 3 runs from 920 to 919
block 4 runs from 968 to 1024 (incomplete)
bzip2recover: splitting into blocks
writing block 2 to `crasherfile1' ...
Program received signal SIGSEGV, Segmentation fault.
==8476== ERROR: AddressSanitizer: heap-use-after-free on address 0x60060000ef8c at pc 0x40277c bp 0x7fff7f1afe90 sp 0x7fff7f1afe80
READ of size 4 at 0x60060000ef8c thre
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
http://www.openwall.com/lists/oss-security/2016/06/20/1
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91297
http://www.securitytracker.com/id/1036132
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
https://seclists.org/bugtraq/2019/Aug/4
https://seclists.org/bugtraq/2019/Jul/22
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
https://security.gentoo.org/glsa/201708-08
https://usn.ubuntu.com/4038-1/
https://usn.ubuntu.com/4038-2/
https://www.oracle.com/security-alerts/cpuoct2020.html
2016-06-30
Published