CVE-2019-12900 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
bzip	bzip2	𝑥 ≤ 1.0.6
debian	debian_linux	8.0
opensuse	leap	15.0
opensuse	leap	15.1
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
freebsd	freebsd	11.2
freebsd	freebsd	11.2:p10
freebsd	freebsd	11.2:p11
freebsd	freebsd	11.2:p12
freebsd	freebsd	11.2:p2
freebsd	freebsd	11.2:p3
freebsd	freebsd	11.2:p4
freebsd	freebsd	11.2:p5
freebsd	freebsd	11.2:p6
freebsd	freebsd	11.2:p7
freebsd	freebsd	11.2:p8
freebsd	freebsd	11.2:p9
freebsd	freebsd	11.2:rc3
freebsd	freebsd	11.3
freebsd	freebsd	11.3:p1
freebsd	freebsd	12.0
freebsd	freebsd	12.0:p1
freebsd	freebsd	12.0:p2
freebsd	freebsd	12.0:p3
freebsd	freebsd	12.0:p4
freebsd	freebsd	12.0:p5
freebsd	freebsd	12.0:p6
freebsd	freebsd	12.0:p7
freebsd	freebsd	12.0:p8
python	python	3.7.0 ≤ 𝑥 < 3.7.13
python	python	3.8.0 ≤ 𝑥 < 3.8.13
python	python	3.9.0 ≤ 𝑥 < 3.9.11
python	python	3.10.0 ≤ 𝑥 < 3.10.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

bzip2

bullseye	1.0.8-4 fixed
stretch	no-dsa
bookworm	1.0.8-5 fixed
sid	1.0.8-6 fixed
trixie	1.0.8-6 fixed

clamav

bullseye	0.103.10+dfsg-0+deb11u1 fixed
stretch	no-dsa
bookworm	1.0.5+dfsg-1~deb12u1 fixed
sid	1.4.1+dfsg-1 fixed
trixie	1.4.1+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

bzip2

disco	Fixed 1.0.6-9ubuntu0.19.04.1 released
cosmic	Fixed 1.0.6-9ubuntu0.18.10.1 released
bionic	Fixed 1.0.6-8.1ubuntu0.2 released
xenial	Fixed 1.0.6-8ubuntu0.2 released
trusty	Fixed 1.0.6-5ubuntu0.1~esm2 released

clamav

disco	Fixed 0.101.4+dfsg-0ubuntu0.19.04.1 released
bionic	Fixed 0.101.4+dfsg-0ubuntu0.18.04.1 released
xenial	Fixed 0.101.4+dfsg-0ubuntu0.16.04.1 released
trusty	Fixed 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 released

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html

http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html

http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E

https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E

https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E

https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html

https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html

https://seclists.org/bugtraq/2019/Aug/4

https://seclists.org/bugtraq/2019/Jul/22

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc

https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4038-1/

https://usn.ubuntu.com/4038-2/

https://usn.ubuntu.com/4146-1/

https://usn.ubuntu.com/4146-2/

https://www.oracle.com/security-alerts/cpuoct2020.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html

http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html

http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E

https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E

https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E

https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html

https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html

https://seclists.org/bugtraq/2019/Aug/4

https://seclists.org/bugtraq/2019/Jul/22

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc

https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4038-1/

https://usn.ubuntu.com/4038-2/

https://usn.ubuntu.com/4146-1/

https://usn.ubuntu.com/4146-2/

https://www.oracle.com/security-alerts/cpuoct2020.html