Open mend-bolt-for-github[bot] opened 2 years ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2019-12900 - Critical Severity Vulnerability
An operating system based on the best Windows NT design principles
Library home page: https://sourceforge.net/projects/reactos/
Found in HEAD commit: 53d912968350dc9f53d47b0479a18abff1adc0e0
Found in base branch: main
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Publish Date: 2019-06-19
URL: CVE-2019-12900
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://gitlab.com/federicomenaquintero/bzip2/-/commit/812a898b7622de90e98f103ff7fed0984e4548e4#951eb5324dc64ed8c9225bfcdcb72ee7a3932918
Release Date: 2019-06-19
Fix Resolution: 1.0.8
Step up your Open Source Security Game with Mend here