CVE-2009-1884

Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
bzipcompress-raw-bzip2
𝑥
≤ 2.017
bzipcompress-raw-bzip2
2.0.00_10:_10
bzipcompress-raw-bzip2
2.0.00_12:_12
bzipcompress-raw-bzip2
2.0.00_14:_14
bzipcompress-raw-bzip2
2.0.01
bzipcompress-raw-bzip2
2.0.02
bzipcompress-raw-bzip2
2.0.03
bzipcompress-raw-bzip2
2.0.05
bzipcompress-raw-bzip2
2.0.06
bzipcompress-raw-bzip2
2.0.08
bzipcompress-raw-bzip2
2.0.09
bzipcompress-raw-bzip2
2.010
bzipcompress-raw-bzip2
2.011
bzipcompress-raw-bzip2
2.012
bzipcompress-raw-bzip2
2.014
bzipcompress-raw-bzip2
2.015
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libcompress-raw-bzip2-perl
bullseye
2.101-1
fixed
bookworm
2.204-1
fixed
sid
2.213-1
fixed
trixie
2.213-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libcompress-raw-bzip2-perl
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/36386
http://secunia.com/advisories/36415
http://security.gentoo.org/glsa/glsa-200908-07.xml
http://www.securityfocus.com/bid/36082
https://bugs.gentoo.org/show_bug.cgi?id=281955
https://bugzilla.redhat.com/show_bug.cgi?id=518278
https://exchange.xforce.ibmcloud.com/vulnerabilities/52628
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html
http://secunia.com/advisories/36386
http://secunia.com/advisories/36415
http://security.gentoo.org/glsa/glsa-200908-07.xml
http://www.securityfocus.com/bid/36082
https://bugs.gentoo.org/show_bug.cgi?id=281955
https://bugzilla.redhat.com/show_bug.cgi?id=518278
https://exchange.xforce.ibmcloud.com/vulnerabilities/52628
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html