Описание
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00157
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
EPSS
Процентиль: 37%
0.00157
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other