FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
0ddb57a9-da20-4e99-b048-4366092f3d31 | bzip2 -- integer overflow vulnerability

Secunia reports:

A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow in the "BZ2_decompress()" function in decompress.c and can be exploited to cause a crash or potentially execute arbitrary code.


Discovery: 2010-09-21
Entry: 2010-10-25
Affected package: bzip2 < 1.0.6

SA-10:08.bzip2
ports/151364
CVE-2010-0405
43331
http://www.openwall.com/lists/oss-security/2010/09/21/4
http://secunia.com/advisories/41452
4b6cb45d-881e-447a-a4e0-c97a954ea758 | bzip2 -- multiple issues

bzip2 developers report:

CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)

CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.


Discovery: 2019-06-23
Entry: 2019-06-30
Affected package: bzip2 < 1.0.7

https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
CVE-2016-3189
CVE-2019-12900