FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Multiple vulnerabilities in bzip2

Affected packages
12.0 <= FreeBSD < 12.0_9
11.3 <= FreeBSD < 11.3_2
11.2 <= FreeBSD < 11.2_13

Details

VuXML ID 3c7edc7a-f680-11e9-a87f-a4badb2f4699
Discovery 2019-08-06
Entry 2019-10-24

Problem Description:

The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file.

bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file.

Impact:

An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code.

Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

References

CVE Name CVE-2016-3189
CVE Name CVE-2019-1290
FreeBSD Advisory SA-19:18.bzip2