Computer Security

unzip / bzip2 DoS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



unzip / bzip2 DoS
updated since 23.03.2008
Published:30.03.2009
Source:BUGTRAQ
SecurityVulns ID:8822
Type:remote
Level:5/10
Affected:BZIP : bzip2 1.0
 ANALOG : analog 6.0
CVE:CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.)
 CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.)
Original documentdocumentGENTOO, [ GLSA 200903-40 ] Analog: Denial of Service (30.03.2009)
 documentRPATH, rPSA-2008-0118-1 bzip2 (23.03.2008)
 documentRPATH, rPSA-2008-0116-1 unzip (23.03.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru