This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
3c7edc7a-f680-11e9-a87f-a4badb2f4699 | FreeBSD -- Multiple vulnerabilities in bzip2Problem Description:The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. Impact:An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility. Discovery 2019-08-06 Entry 2019-10-24 FreeBSD ge 12.0 lt 12.0_9 ge 11.3 lt 11.3_2 ge 11.2 lt 11.2_13 CVE-2016-3189 CVE-2019-1290 SA-19:18.bzip2 |