Skip to content

Commit

Permalink
Add HSEC-2024-0002
Browse files Browse the repository at this point in the history
  • Loading branch information
TristanCacqueray committed Mar 8, 2024
1 parent a676942 commit dba444a
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 0 deletions.
1 change: 1 addition & 0 deletions advisories/hackage/bz2/HSEC-2024-0002.md
1 change: 1 addition & 0 deletions advisories/hackage/bzlib-conduit/HSEC-2024-0002.md
50 changes: 50 additions & 0 deletions advisories/hackage/bzlib/HSEC-2024-0002.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
```toml
[advisory]
id = "HSEC-2024-0002"
cwe = [787]
keywords = ["corruption"]
aliases = ["CVE-2019-12900"]

[[references]]
type = "DISCUSSION"
url = "https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/"

[[references]]
type = "FIX"
url = "https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184"

[[affected]]
package = "bzlib"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

[[affected.versions]]
introduced = "0.4"

[[affected]]
package = "bz2"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

[[affected.versions]]
introduced = "0.1.0.0"

[[affected]]
package = "bzlib-conduit"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

[[affected.versions]]
introduced = "0.1.0.0"
```

# out-of-bounds write when there are many bzip2 selectors

A malicious bzip2 payload may produce a memory corruption
resulting in a denial of service and/or remote code execution.
Network services or command line utilities decompressing
untrusted bzip2 payloads are affected.

Note that the exploitation of this bug relies on an undefined
behavior that appears to be handled safely by current compilers.

The Haskell libraires are vulnerable when they are built using
the bundled C library source code, which is the default
in most cases.

0 comments on commit dba444a

Please sign in to comment.