Detections
Analytics
FreeBSD : bzip2 -- multiple issues (4b6cb45d-881e-447a-a4e0-c97a954ea758)
critical Nessus Plugin ID 126364
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
bzip2 developers reports :CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)
CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.
Solution
Update the affected package.See Also
https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS
Plugin Details
Severity: Critical
ID: 126364
File Name: freebsd_pkg_4b6cb45d881e447aa4e0c97a954ea758.nasl
Version: 1.3
Type: local
Family: FreeBSD Local Security Checks
Published: 7/1/2019
Updated: 10/23/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:bzip2, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 6/30/2019
Vulnerability Publication Date: 6/23/2019
Reference Information
CVE: CVE-2016-3189, CVE-2019-12900
IAVA: 2020-A-0482