cve/2019/CVE-2019-12900.md

CVE-2019-12900

Description

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

POC

Reference

• http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
• http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
• https://seclists.org/bugtraq/2019/Aug/4
• https://www.oracle.com/security-alerts/cpuoct2020.html

Github

• https://github.com/Anna-Rafaella/Conteneurisation
• https://github.com/NathanielAPawluk/sec-buddy
• https://github.com/bubbleguuum/zypperdiff
• https://github.com/fokypoky/places-list
• https://github.com/fredrkl/trivy-demo
• https://github.com/marklogic/marklogic-docker