CVE-2009-1884
CVE-2009-1884 is a vulnerability of currently unknown severity. Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. EPSS estimates a 2.08% chance of exploitation in the next 30 days.
Description
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Compress-Raw-Bzip2 | <= 2.017 |
| Bzip | Compress-Raw-Bzip2 | 2.0.00_10 |
| Bzip | Compress-Raw-Bzip2 | 2.0.00_12 |
| Bzip | Compress-Raw-Bzip2 | 2.0.00_14 |
| Bzip | Compress-Raw-Bzip2 | 2.0.01 |
| Bzip | Compress-Raw-Bzip2 | 2.0.02 |
| Bzip | Compress-Raw-Bzip2 | 2.0.03 |
| Bzip | Compress-Raw-Bzip2 | 2.0.05 |
| Bzip | Compress-Raw-Bzip2 | 2.0.06 |
| Bzip | Compress-Raw-Bzip2 | 2.0.08 |
| Bzip | Compress-Raw-Bzip2 | 2.0.09 |
| Bzip | Compress-Raw-Bzip2 | 2.010 |
| Bzip | Compress-Raw-Bzip2 | 2.011 |
| Bzip | Compress-Raw-Bzip2 | 2.012 |
| Bzip | Compress-Raw-Bzip2 | 2.014 |
| Bzip | Compress-Raw-Bzip2 | 2.015 |
References
- http://secunia.com/advisories/36386 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
