CVE-2019-12900
Published Jun 19, 2019
Last updated a year ago
Overview
- Description
- BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1DF1F35-B07F-44DD-9B74-57B0CA6DC59C",
"versionEndIncluding": "1.0.6"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A8A5CDA-E099-47BA-A0C0-2F79C0432156"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63721E89-F453-423F-B34B-07B44C85A052"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "878DF67E-420A-4229-BEA8-DB9F7161ED9A"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "882669AB-BCFC-4517-A3E9-33D344F1ED0D"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC3D24FB-50A2-4E37-A479-AF21F8ECD706"
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F9F989B-EEF4-44E0-8EC5-A6D109CB582A",
"versionEndExcluding": "3.7.13",
"versionStartIncluding": "3.7.0"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A92B327D-75B5-4273-A454-428BC194C4A9",
"versionEndExcluding": "3.8.13",
"versionStartIncluding": "3.8.0"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D93AE49-9E53-433F-AB01-A18C81CCEAED",
"versionEndExcluding": "3.9.11",
"versionStartIncluding": "3.9.0"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "492C0F52-2AE3-427B-87E6-8A2E701F744A",
"versionEndExcluding": "3.10.3",
"versionStartIncluding": "3.10.0"
}
],
"operator": "OR"
}
]
}
]