cpe:/a:bzip:bzip2:0.9 cpe:/a:bzip:bzip2:0.9.0 cpe:/a:bzip:bzip2:0.9.0a cpe:/a:bzip:bzip2:0.9.0b cpe:/a:bzip:bzip2:0.9.0c cpe:/a:bzip:bzip2:0.9.5_a cpe:/a:bzip:bzip2:0.9.5_b cpe:/a:bzip:bzip2:0.9.5_c cpe:/a:bzip:bzip2:0.9.5_d cpe:/a:bzip:bzip2:0.9.5a cpe:/a:bzip:bzip2:0.9.5b cpe:/a:bzip:bzip2:0.9.5c cpe:/a:bzip:bzip2:0.9.5d cpe:/a:bzip:bzip2:0.9_a cpe:/a:bzip:bzip2:0.9_b cpe:/a:bzip:bzip2:0.9_c cpe:/a:bzip:bzip2:1.0 cpe:/a:bzip:bzip2:1.0.1 cpe:/a:bzip:bzip2:1.0.2 cpe:/a:bzip:bzip2:1.0.3 cpe:/a:bzip:bzip2:1.0.4 cpe:/a:bzip:bzip2:1.0.5 cpe:/a:libzip2:libzip2:1.0.5 CVE-2010-0405 2010-09-28T14:00:02.340-04:00 2013-08-21T23:28:14.027-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-09-29T16:21:00.000-04:00 BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console SECUNIA 41452 SECUNIA 41505 SECUNIA 42350 SECUNIA 42404 SECUNIA 42405 SECUNIA 42529 SECUNIA 42530 SECUNIA 48378 VUPEN ADV-2010-2455 VUPEN ADV-2010-3043 VUPEN ADV-2010-3052 VUPEN ADV-2010-3073 VUPEN ADV-2010-3126 VUPEN ADV-2010-3127 APPLE APPLE-SA-2011-03-21-1 FEDORA FEDORA-2010-1512 FEDORA FEDORA-2010-17439 GENTOO GLSA-201301-05 IAVM IAVM:2010-B-0083 REDHAT RHSA-2010:0703 REDHAT RHSA-2010:0858 SUSE SUSE-SR:2010:018 UBUNTU USN-986-1 UBUNTU USN-986-2 UBUNTU USN-986-3 MLIST [oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow CONFIRM http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3 CONFIRM http://support.apple.com/kb/HT4581 CONFIRM http://www.bzip.org/ CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0019.html CONFIRM http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/ CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=627882 CONFIRM https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230 CONFIRM https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.