search

ostroproject / ostro-os-xt

Ostro OS XT
MIT License
18 stars 25 forks source link

bzip vulnerability CVE-2016-3189 #14

Open ipuustin opened 8 years ago

ipuustin commented 8 years ago

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189 reported by cve-checker.

ipuustin commented 8 years ago

CVSS base score is 6.5 -- medium. This attack would require a local user to use bzip2recover to recover a (broken) malicious bzip2 archive. This is unlikely to happen in a non-interactive system. Modified CVSS score 4.7 -- medium.

https://nvd.nist.gov/cvss/v3-calculator?name=CVE-2016-3189&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H