CVE-2019-12900
high-risk
Published 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Do I need to act?
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 000593c0f97ac9b75b56064a957b84a3aaa60674, ea673213dd30afd8cacb53927e7d86f6125e86c8, 2de452f8bf2f78417e04bcf7919beb502c53a0e2, a342a49189c16f01e7b95e0bf22ea2bd539222cd, 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (20)
References (46)
Third Party Advisory: http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Up...
Third Party Advisory: http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA...
Mailing List: https://seclists.org/bugtraq/2019/Aug/4
Mailing List: https://seclists.org/bugtraq/2019/Jul/22
Third Party Advisory: https://usn.ubuntu.com/4038-1/
Third Party Advisory: https://usn.ubuntu.com/4038-2/
and 26 more references
58 / 100 · high-risk
Severity: 32/34 · Critical
Exploitability: 3/34 · Minimal
Exposure: 23/34 · High