Status: Fixed
Created: Aug 21, 2019
Updated: Aug 27, 2019
Resolved Date: Aug 22, 2019
Found In Version: 10.18.44.10
Fix Version: 10.18.44.10
Severity: Critical
Applicable for: Wind River Linux LTS 18
Component/s: Userspace
A vulnerability in the BZ2_decompress function of bzip2 could allow an unauthenticated, remote attacker to execute arbitrary code, access sensitive information, or cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an out-of-bounds write condition that exists in the BZ2_decompress function, as defined in the decompress.c source code file of the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could trigger an out-of-bounds write condition that the attacker could use to conduct further attacks.