Vulnerability Description
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Bzip2 | 0.9 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
- http://kb.vmware.com/kb/1006982
- http://kb.vmware.com/kb/1007198
- http://kb.vmware.com/kb/1007504
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
- http://secunia.com/advisories/29410
- http://secunia.com/advisories/29475
- http://secunia.com/advisories/29497
- http://secunia.com/advisories/29506
- http://secunia.com/advisories/29656
- http://secunia.com/advisories/29677
- http://secunia.com/advisories/29698
- http://secunia.com/advisories/29940
- http://secunia.com/advisories/31204
FAQ
What is CVE-2008-1372?
CVE-2008-1372 is a vulnerability with a CVSS score of 4.3 (MEDIUM). bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test ...
How severe is CVE-2008-1372?
CVE-2008-1372 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-1372?
Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2.