CVE-2011-4089

Source
https://nvd.nist.gov/vuln/detail/CVE-2011-4089
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-4089.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2011-4089
Published
2014-04-16T18:37:11Z
Modified
2025-04-12T10:46:40Z
Summary
[none]
Details

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

References

Affected packages

Debian:11 / bzip2

Package

Name
bzip2
Purl
pkg:deb/debian/bzip2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / bzip2

Package

Name
bzip2
Purl
pkg:deb/debian/bzip2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / bzip2

Package

Name
bzip2
Purl
pkg:deb/debian/bzip2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-1

Ecosystem specific

{
    "urgency": "low"
}