oss-sec mailing list archives
Re: CVE request: bzip2 CERT-FI: 20469
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 18 Mar 2008 16:55:16 -0400 (EDT)
====================================================== Name: CVE-2008-1372 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 Reference: MISC:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html Reference: CONFIRM:http://bzip.org/ Reference: CONFIRM:https://bugs.gentoo.org/attachment.cgi?id=146488&action=view Reference: CERT-VN:VU#813451 Reference: URL:http://www.kb.cert.org/vuls/id/813451 Reference: BID:28286 Reference: URL:http://www.securityfocus.com/bid/28286 Reference: FRSIRT:ADV-2008-0915 Reference: URL:http://www.frsirt.com/english/advisories/2008/0915 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite.
Current thread:
- CVE request: bzip2 CERT-FI: 20469 Robert Buchholz (Mar 18)
- Re: CVE request: bzip2 CERT-FI: 20469 Josh Bressers (Mar 18)
- Re: CVE request: bzip2 CERT-FI: 20469 Steven M. Christey (Mar 18)
- Re: CVE request: bzip2 CERT-FI: 20469 Josh Bressers (Mar 19)
- Re: CVE request: bzip2 CERT-FI: 20469 Josh Bressers (Mar 18)