CVE-2016-3189
Summary
| CVE | CVE-2016-3189 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-30 17:59:00 UTC |
| Updated | 2023-11-07 02:32:00 UTC |
| Description | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [SECURITY] [DLA 1833-1] bzip2 security update | MLIST | lists.debian.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| [kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Slackware Security Advisory - bzip2 Updates ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Pony Mail! | lists.apache.org | ||
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| oss-security - CVE-2016-3189: bzip2 use-after-free on bzip2recover | MLIST | www.openwall.com | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| bzip2: Denial of Service (GLSA 201708-08) — Gentoo Security | GENTOO | security.gentoo.org | |
| Bugtraq: [slackware-security] bzip2 (SSA:2019-195-01) | BUGTRAQ | seclists.org | |
| USN-4038-2: bzip2 vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| bzip2 '/bzip2recover.c' Denial of Service Vulnerability | BID | www.securityfocus.com | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| USN-4038-1: bzip2 vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| Bzip2 Use-After-Free Memory Error in bzip2recover Lets Remote Users Cause the Target Application to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Bugtraq: FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2 | BUGTRAQ | seclists.org | |
| 1319648 – (CVE-2016-3189) CVE-2016-3189 bzip2: heap use after free in bzip2recover | CONFIRM | bugzilla.redhat.com | |
| FreeBSD-SA-19:18 | FREEBSD | security.FreeBSD.org | |
| Pony Mail! | lists.apache.org | ||
| Oracle Solaris Bulletin - July 2016 | CONFIRM | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 500084 Alpine Linux Security Update for bzip2
- 503757 Alpine Linux Security Update for bzip2
- 671089 EulerOS Security Update for bzip2 (EulerOS-SA-2019-2560)
- 710351 Gentoo Linux bzip2 Denial of Service (DoS) Vulnerability (GLSA 201708-08)
- 900017 CBL-Mariner Linux Security Update for bzip2 1.0.6
- 903363 Common Base Linux Mariner (CBL-Mariner) Security Update for bzip2 (1946)