TROYANOSYVIRUS
Back to CVEs

CVE-2019-12900

CRITICAL
9.8

Description

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published6/19/2019
Last Modified6/9/2025
Sourcenvd
Honeypot Sightings0

Affected Products

bzip:bzip2canonical:ubuntu_linuxdebian:debian_linuxfreebsd:freebsdopensuse:leappython:python

Weaknesses (CWE)

CWE-787CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html(cve@mitre.org)
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html(cve@mitre.org)
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html(cve@mitre.org)
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc(cve@mitre.org)
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E(cve@mitre.org)
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E(cve@mitre.org)
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html(cve@mitre.org)
https://seclists.org/bugtraq/2019/Aug/4(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/22(cve@mitre.org)
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc(cve@mitre.org)
https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS(cve@mitre.org)
https://usn.ubuntu.com/4038-1/(cve@mitre.org)
https://usn.ubuntu.com/4038-2/(cve@mitre.org)
https://usn.ubuntu.com/4146-1/(cve@mitre.org)
https://usn.ubuntu.com/4146-2/(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2020.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/4(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/22(af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc(af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4038-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4038-2/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4146-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4146-2/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.