author | sunpoet <sunpoet@FreeBSD.org> | 2010-10-26 00:03:49 +0800 |
---|---|---|
committer | sunpoet <sunpoet@FreeBSD.org> | 2010-10-26 00:03:49 +0800 |
commit | d75114ffe4f0476a1b132bd843c735cbfc2b659b (patch) | |
tree | 884b5256b702d52f4427d174fa041346814e533a /security/vuxml | |
parent | 738347f45b0f14690b482526f0ca2e951b7d64c5 (diff) | |
- Add bzip2 integer overflow vulnerability
Approved by: pgollucci (mentor, implicit)
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 988b9e7da67f..79ddf94b921b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,42 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="0ddb57a9-da20-4e99-b048-4366092f3d31"> + <topic>bzip2 -- integer overflow vulnerability</topic> + <affects> + <package> + <name>bzip2</name> + <range><lt>1.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/41452"> + <p>A vulnerability has been reported in bzip2, which can be exploited by + malicious people to cause a DoS (Denial of Service) or potentially + compromise a vulnerable system.</p> + <p>The vulnerability is caused due to an integer overflow in the + "BZ2_decompress()" function in decompress.c and can be exploited to + cause a crash or potentially execute arbitrary code.</p> + <p></p> + </blockquote> + </body> + </description> + <references> + <freebsdsa>SA-10:08.bzip2</freebsdsa> + <freebsdpr>ports/151364</freebsdpr> + <cvename>CVE-2010-0405</cvename> + <bid>43331</bid> + <mlist>http://www.openwall.com/lists/oss-security/2010/09/21/4</mlist> + <url>http://secunia.com/advisories/41452</url> + </references> + <dates> + <discovery>2010-09-21</discovery> + <entry>2010-10-25</entry> + </dates> + </vuln> + <vuln vid="18dc48fe-ca42-11df-aade-0050568f000c"> <topic>FreeBSD -- Integer overflow in bzip2 decompression</topic> <affects> |
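Review bot: the blockquote in the new bzip2 entry ends with an empty `<p></p>` just before `</blockquote>`; it quotes nothing from the Secunia advisory and should be dropped. Separately, the unchanged entry that follows the addition (vid 18dc48fe-ca42-11df-aade-0050568f000c, topic "FreeBSD -- Integer overflow in bzip2 decompression") appears to describe the same bug, and the new entry cites `<freebsdsa>SA-10:08.bzip2</freebsdsa>` in its references. Please confirm that a second vid for the port is intended rather than adding the `bzip2` package with `<range><lt>1.0.6</lt></range>` to that entry's `<affects>`. If the two stay separate, a sentence in the description tying the port entry to the base-system entry would help readers see that both cover CVE-2010-0405.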