VDB
HSEC-2024-0002-3
HSEC-2024-0002-3
PUBLISHED
out-of-bounds write when there are many bzip2 selectors
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| haskell | bzlib-conduit | 0.1.0.0, 0.1.0.0, 0.1.0.0 |
Timeline
- Jun 19, 2019 CVE Published
References
- http://scary.beasts.org/security/CESA-2008-005.html url
- https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/ url
- https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184 patch
- https://access.redhat.com/security/cve/cve-2019-12900 advisory
- https://github.com/haskell/security-advisories/blob/main/advisories/published/2024/HSEC-2024-0002.md exploit