#VU12 Use-after-free memory corruption in bzip2recover in bzip2 - CVE-2016-3189

Cybersecurity Help s.r.o.

Published: 2016-06-21 | Updated: 2016-07-08

Vulnerability identifier: #VU12

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-3189

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
bzip2
Universal components / Libraries / Libraries used by multiple products

Vendor: bzip

Description

The vulnerability allows a remote attacker to cause the target application to crash.

The vulnerability exists due to an use-after-free error in bzip2recover when handling bzip2 files. A remote unauthenticated attacker can send a specially crafted bzip2 archive and cause the target application to crash.

Successful exploitation of this vulnerability will result in denial of service.

Mitigation
A proposed patch is available at:

https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=diff

Vulnerable software versions

bzip2: 1.0.6

External links
https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=diff

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

IBM License Metric Tool update for bzip2

Multiple vulnerabilities in Dell EMC Unity Family, Dell EMC Unity XT Family

Multiple vulnerabilities in Dell EMC AppSync

Multiple vulnerabilities in FreeBSD

Slackware Linux update for bzip2

OpenSUSE Linux update for bzip2

Gentoo update for bzip2

Arch Linux update for bzip2

Use-after-free memory corruption in bzip2recover in bzip2 (Alpine package)