VDB
GCVE-110-HSEC-2024-0002-2
GCVE-110-HSEC-2024-0002-2
Advisory PublishedCVSS 0.0/10
# out-of-bounds write when there are many bzip2 selectors
A malicious bzip2 payload may produce a memory corruption
resulting in a denial of service and/or remote code execution.
Network services or command line utilities decompressing
untrusted bzip2 payloads are affected.
Note that the exploitation of this bug relies on an undefined
behavior that appears to be handled safely by current compilers.
The Haskell libraires are vulnerable when they are built using
the bundled C library source code, which is the default
in most cases.
Weaknesses (CWE)
CWE-787CWE-787
Risk Scores
CVSS 3.0
0.0/10
None · CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| haskell | bz2 | 0.1.0.0 (affected), 0.1.0.0 (affected), 0.1.0.0 (affected), 0.1.0.0 (affected), 0.1.0.0 (affected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.