{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-17T13:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"}, {"name": "USN-4038-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4038-2/"}, {"name": "USN-4038-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4038-1/"}, {"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jul/22"}, {"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"}, {"name": "openSUSE-SU-2019:1781", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"}, {"name": "FreeBSD-SA-19:18", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"}, {"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/4"}, {"name": "openSUSE-SU-2019:1918", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"}, {"name": "USN-4146-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4146-1/"}, {"name": "USN-4146-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4146-2/"}, {"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"}, {"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"}, {"name": "openSUSE-SU-2019:2595", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"}, {"name": "openSUSE-SU-2019:2597", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"}, {"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"}, {"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12900", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"}, {"name": "USN-4038-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4038-2/"}, {"name": "USN-4038-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4038-1/"}, {"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/22"}, {"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"}, {"name": "openSUSE-SU-2019:1781", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"}, {"name": "FreeBSD-SA-19:18", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"}, {"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/4"}, {"name": "openSUSE-SU-2019:1918", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"}, {"name": "USN-4146-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4146-1/"}, {"name": "USN-4146-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4146-2/"}, {"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"}, {"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"}, {"name": "openSUSE-SU-2019:2595", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"}, {"name": "openSUSE-SU-2019:2597", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"}, {"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"}, {"name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"}, {"name": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", "refsource": "MISC", "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"}, {"name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS"}, {"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E"}, {"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.554Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"}, {"name": "USN-4038-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4038-2/"}, {"name": "USN-4038-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4038-1/"}, {"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jul/22"}, {"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"}, {"name": "openSUSE-SU-2019:1781", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"}, {"name": "FreeBSD-SA-19:18", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"}, {"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/4"}, {"name": "openSUSE-SU-2019:1918", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"}, {"name": "USN-4146-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4146-1/"}, {"name": "USN-4146-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4146-2/"}, {"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"}, {"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"}, {"name": "openSUSE-SU-2019:2595", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"}, {"name": "openSUSE-SU-2019:2597", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"}, {"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"}, {"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12900", "datePublished": "2019-06-19T22:07:57", "dateReserved": "2019-06-19T00:00:00", "dateUpdated": "2024-08-04T23:32:55.554Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1DF1F35-B07F-44DD-9B74-57B0CA6DC59C", "versionEndIncluding": "1.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*", "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*", "matchCriteriaId": "0A8A5CDA-E099-47BA-A0C0-2F79C0432156", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*", "matchCriteriaId": "9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*", "matchCriteriaId": "63721E89-F453-423F-B34B-07B44C85A052", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*", "matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "878DF67E-420A-4229-BEA8-DB9F7161ED9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*", "matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*", "matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*", "matchCriteriaId": "882669AB-BCFC-4517-A3E9-33D344F1ED0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*", "matchCriteriaId": "BC3D24FB-50A2-4E37-A479-AF21F8ECD706", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*", "matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F9F989B-EEF4-44E0-8EC5-A6D109CB582A", "versionEndExcluding": "3.7.13", "versionStartIncluding": "3.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "A92B327D-75B5-4273-A454-428BC194C4A9", "versionEndExcluding": "3.8.13", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D93AE49-9E53-433F-AB01-A18C81CCEAED", "versionEndExcluding": "3.9.11", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "492C0F52-2AE3-427B-87E6-8A2E701F744A", "versionEndExcluding": "3.10.3", "versionStartIncluding": "3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."}, {"lang": "es", "value": "La funci\u00f3n BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de l\u00edmites cuando hay muchos selectores."}], "id": "CVE-2019-12900", "lastModified": "2024-11-21T04:23:47.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-19T23:15:09.910", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jul/22"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4038-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4038-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4146-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4146-2/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jul/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4038-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4038-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4146-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4146-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8922", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "bzip2-0:1.0.6-27.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2025:0733", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "bzip2-0:1.0.6-28.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0925", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bzip2-0:1.0.8-10.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2025:0925", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "bzip2-0:1.0.8-10.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2024:10803", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "bzip2-0:1.0.8-8.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}, {"advisory": "RHSA-2025:1154", "cpe": "cpe:/a:redhat:camel_k:1.10.9", "product_name": "RHINT Camel-K 1.10.9", "release_date": "2025-02-06T00:00:00Z"}], "bugzilla": {"description": "bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).", "id": "2332075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332075"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-1214", "details": ["BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files."], "name": "CVE-2019-12900", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "bzip2", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-11-15T10:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-12900\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12900"], "statement": "This vulnerability only causes failure to decompress when using the package bzip2 functionality. There is no known vector of attack (apart of possibility that some of the older archives compressed with bzip2 could become unaccessible if still buggy version of bzip2 being used to decompress). This bug has been fixed in upstream with multiple iterations.", "threat_severity": "Moderate"}