CVEブラウザに戻る

CVE-2002-0759

MEDIUM

5.0

CVSS Severity Score

EPSS Score0.0140%

EPSS Percentile3.58th

Published2002年8月12日

Last Modified2026年4月16日

Vulnerability Description

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Affected Platforms (CPE)

📦

Bzip

Bzip2

= 0.9.0

📦

Bzip

Bzip2

= 0.9.0a

📦

Bzip

Bzip2

= 0.9.0b

📦

Bzip

Bzip2

= 0.9.0c

📦

Bzip

Bzip2

= 0.9.5a

📦

Bzip

Bzip2

= 0.9.5b

📦

Bzip

Bzip2

= 0.9.5c

📦

Bzip

Bzip2

= 0.9.5d

📦

Bzip

Bzip2

= 1.0

📦

Bzip

Bzip2

= 1.0.1

References & Advisories

🔗 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt

🔗 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc

🔗 http://www.iss.net/security_center/static/9126.php

🔗 http://www.securityfocus.com/bid/4774

🔗 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt

🔗 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc

🔗 http://www.iss.net/security_center/static/9126.php

🔗 http://www.securityfocus.com/bid/4774

関連する脆弱性情報

CVE-2007-633710.0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact an...

CVE-2016-43369.8

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionalit...

CVE-2019-129009.8

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVE-2007-14617.8

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safe...