CVE-2009-1884

Published Aug 19, 2009

Last updated 2 years ago

CVSS info 4.3

Overview

Description: Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C58C65A-621E-4EF4-ACD2-2B26ED08EA48",
            "versionEndIncluding": "2.017"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60FA80AE-D536-4323-9628-514C262DA129"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B324E22C-0273-42C5-BF76-4C54AF6578A9"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD46A223-9CB9-48A4-B52D-8621B87AAAA2"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51D3C0F-0537-4240-841B-70B21DBD4C03"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D5A547D-5E85-4257-A71D-63078C5FF30A"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86CB8226-B0EC-4CB9-9678-6B127679A31A"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F2C6E05-1CD8-4450-A101-3C2270A64B9E"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D38E1A94-AA44-48AE-84A4-5C64451DFE96"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79442C31-96B2-4CEA-9AEB-DB7F332E938C"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "802DF28F-724C-49E8-920E-E6CBA8E296DF"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C1D31B-123E-4294-81B6-46E4241C16DB"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F7EC80-16B6-4754-A8BE-28782D2FDC86"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.012:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA78C9F-1925-4435-BFBD-129836C12238"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.014:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E299424-8560-4DCF-BDC1-8F88F0E7E8DA"
          },
          {
            "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.015:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3026DDC6-DDCF-4244-A657-B45FAA6E4942"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References