-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
a676942
commit dba444a
Showing
3 changed files
with
52 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../bzlib/HSEC-2024-0002.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../bzlib/HSEC-2024-0002.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
```toml | ||
[advisory] | ||
id = "HSEC-2024-0002" | ||
cwe = [787] | ||
keywords = ["corruption"] | ||
aliases = ["CVE-2019-12900"] | ||
|
||
[[references]] | ||
type = "DISCUSSION" | ||
url = "https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/" | ||
|
||
[[references]] | ||
type = "FIX" | ||
url = "https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184" | ||
|
||
[[affected]] | ||
package = "bzlib" | ||
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
|
||
[[affected.versions]] | ||
introduced = "0.4" | ||
|
||
[[affected]] | ||
package = "bz2" | ||
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
|
||
[[affected.versions]] | ||
introduced = "0.1.0.0" | ||
|
||
[[affected]] | ||
package = "bzlib-conduit" | ||
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
|
||
[[affected.versions]] | ||
introduced = "0.1.0.0" | ||
``` | ||
|
||
# out-of-bounds write when there are many bzip2 selectors | ||
|
||
A malicious bzip2 payload may produce a memory corruption | ||
resulting in a denial of service and/or remote code execution. | ||
Network services or command line utilities decompressing | ||
untrusted bzip2 payloads are affected. | ||
|
||
Note that the exploitation of this bug relies on an undefined | ||
behavior that appears to be handled safely by current compilers. | ||
|
||
The Haskell libraires are vulnerable when they are built using | ||
the bundled C library source code, which is the default | ||
in most cases. |