FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bzip2 -- integer overflow vulnerability

Affected packages
bzip2 < 1.0.6

Details

VuXML ID 0ddb57a9-da20-4e99-b048-4366092f3d31
Discovery 2010-09-21
Entry 2010-10-25

Secunia reports:

A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow in the "BZ2_decompress()" function in decompress.c and can be exploited to cause a crash or potentially execute arbitrary code.

References

Bugtraq ID 43331
CVE Name CVE-2010-0405
FreeBSD PR ports/151364
FreeBSD Advisory SA-10:08.bzip2
Message http://www.openwall.com/lists/oss-security/2010/09/21/4
URL http://secunia.com/advisories/41452