BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
References
Link
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://seclists.org/bugtraq/2019/Aug/4
https://seclists.org/bugtraq/2019/Jul/22
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4038-1/
https://usn.ubuntu.com/4038-2/
https://usn.ubuntu.com/4146-1/
https://usn.ubuntu.com/4146-2/
https://www.cve.org/CVERecord?id=CVE-2019-12900
https://www.oracle.com/security-alerts/cpuoct2020.html
History

Thu, 19 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
Title bzip2: out-of-bounds write in function BZ2_decompress bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
Weaknesses CWE-1214
Metrics cvssV3_0

{'score': 4.0, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Low

threat_severity

Moderate


Thu, 05 Dec 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4
Vendors & Products Redhat rhel Eus

Wed, 06 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-19T22:07:57

Updated: 2024-08-04T23:32:55.554Z

Reserved: 2019-06-19T00:00:00

Link: CVE-2019-12900

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-06-19T23:15:09.910

Modified: 2024-11-21T04:23:47.333

Link: CVE-2019-12900

Redhat

Severity: Moderate

Public Date: 2024-11-15T10:00:00Z

Links: CVE-2019-12900 - Bugzilla