Description
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
A data integrity error was found in the decompression functionality of the bzip2 user-space package. The issue occurs when a user decompresses a particular kind of .bz2 file. A local user could get unexpected results (or corrupted data) as a result of decompressing these files.
Statement
This vulnerability only causes a failure to decompress when using the bzip2 package functionality. There is no known attack vector (apart from the possibility that some older archives compressed with bzip2 could become inaccessible if a still-buggy version of bzip2 is used to decompress them). This bug has been fixed upstream over multiple iterations.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | bzip2 | Out of support scope | | |
Red Hat Enterprise Linux 8 | bzip2 | Fixed | RHSA-2024:8922 | 06.11.2024 |
Red Hat Enterprise Linux 8 | bzip2 | Fixed | RHSA-2025:0733 | 28.01.2025 |
Red Hat Enterprise Linux 9 | bzip2 | Fixed | RHSA-2025:0925 | 04.02.2025 |
Red Hat Enterprise Linux 9.4 Extended Update Support | bzip2 | Fixed | RHSA-2024:10803 | 04.12.2024 |
RHINT Camel-K 1.10.9 | | Fixed | RHSA-2025:1154 | 06.02.2025 |
Additional information
Status:
EPSS
CVSS3: 4.4 Medium
Related vulnerabilities
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo ...