Vulnerability details: VCID-pvq7-umur-aaag
Vulnerability ID VCID-pvq7-umur-aaag
Aliases CVE-2010-0405
Summary Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2010:0703
rhas Important https://access.redhat.com/errata/RHSA-2010:0858
epss 0.02720 https://api.first.org/data/v1/epss?cve=CVE-2010-0405
epss 0.02873 https://api.first.org/data/v1/epss?cve=CVE-2010-0405
epss 0.0587 https://api.first.org/data/v1/epss?cve=CVE-2010-0405
epss 0.0921 https://api.first.org/data/v1/epss?cve=CVE-2010-0405
epss 0.13885 https://api.first.org/data/v1/epss?cve=CVE-2010-0405
cvssv2 5.1 https://nvd.nist.gov/vuln/detail/CVE-2010-0405
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2010-0019.html
Reference id Reference type URL
http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://marc.info/?l=oss-security&m=128506868510655&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0405.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0405
https://bugzilla.redhat.com/show_bug.cgi?id=627882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
http://secunia.com/advisories/41452
http://secunia.com/advisories/41505
http://secunia.com/advisories/42350
http://secunia.com/advisories/42404
http://secunia.com/advisories/42405
http://secunia.com/advisories/42529
http://secunia.com/advisories/42530
http://secunia.com/advisories/48378
http://security.gentoo.org/glsa/glsa-201301-05.xml
http://support.apple.com/kb/HT4581
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231
http://www.bzip.org/
http://www.redhat.com/support/errata/RHSA-2010-0703.html
http://www.redhat.com/support/errata/RHSA-2010-0858.html
http://www.securityfocus.com/archive/1/515055/100/0/threaded
http://www.ubuntu.com/usn/usn-986-1
http://www.ubuntu.com/usn/USN-986-2
http://www.ubuntu.com/usn/USN-986-3
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
http://www.vupen.com/english/advisories/2010/2455
http://www.vupen.com/english/advisories/2010/3043
http://www.vupen.com/english/advisories/2010/3052
http://www.vupen.com/english/advisories/2010/3073
http://www.vupen.com/english/advisories/2010/3126
http://www.vupen.com/english/advisories/2010/3127
http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/
cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libzip2:libzip2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libzip2:libzip2:*:*:*:*:*:*:*:*
CVE-2010-0405 https://nvd.nist.gov/vuln/detail/CVE-2010-0405
GLSA-201110-20 https://security.gentoo.org/glsa/201110-20
GLSA-201301-05 https://security.gentoo.org/glsa/201301-05
RHSA-2010:0703 https://access.redhat.com/errata/RHSA-2010:0703
RHSA-2010:0858 https://access.redhat.com/errata/RHSA-2010:0858
USN-986-1 https://usn.ubuntu.com/986-1/
USN-986-2 https://usn.ubuntu.com/986-2/
USN-986-3 https://usn.ubuntu.com/986-3/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0405
Exploit Prediction Scoring System (EPSS)
Percentile 0.90781
EPSS Score 0.02720
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.