CVE-2019-12900
Severity: MEDIUM (4.0) | EPSS: 1.1% | Out-of-bounds write when there are many bzip2 selectors
Published: 2025/11/14 | Modified: 2025/12/3
Also known as: ALPINE-CVE-2019-12900, DEBIAN-CVE-2019-12900, HSEC-2024-0002, PSF-2019-4
Description
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Affected packages (6)
- Alpine/bzip2: from 0, < 1.0.6-r7
- Debian/bzip2: from 0, < 1.0.6-9.1
- Debian/clamav: from 0, < 0.101.4+dfsg-1
- Hackage/bz2: >= 0.1.0.0, < 1.0.1.1
- Hackage/bzlib: >= 0.4, < 0.5.2.0
- Hackage/bzlib-conduit: >= 0.1.0.0, < 0.3.0.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.0 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (6)
- ADVISORY: https://access.redhat.com/security/cve/cve-2019-12900
- ADVISORY: https://security.alpinelinux.org/vuln/CVE-2019-12900
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2019-12900
- PATCH: https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184
- WEB: http://scary.beasts.org/security/CESA-2008-005.html
- WEB: https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/