CVE-2016-3189
published 2016-06-30

Priority: P3, 34, medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS: 15.68% (96.4th percentile)

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Affected

17 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | | |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1 | 1.0.6-8.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8ubuntu0.1 | 1.0.6-8ubuntu0.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1ubuntu0.1 | 1.0.6-8.1ubuntu0.1 |
| bzip | bzip2 | >= 0 < 1.0.6-5ubuntu0.1~esm1 | 1.0.6-5ubuntu0.1~esm1 |
| debian | bzip2 | < bzip2 1.0.6-8.1 (bookworm) | bzip2 1.0.6-8.1 (bookworm) |
| msrc | azl3_perl-compress-bzip2_2.28-3_on_azure_linux_3.0 | | |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cm1_bzip2_1.0.6-15_on_cbl_mariner_1.0 | | |
| python | python | >= 3.10.0 < 3.10.3 | 3.10.3 |
| python | python | >= 3.7.0 < 3.7.13 | 3.7.13 |
| python | python | >= 3.8.0 < 3.8.13 | 3.8.13 |
| python | python | >= 3.9.0 < 3.9.11 | 3.9.11 |

CVSS provenance

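| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | LOW | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 6.5 | MEDIUM | |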