The bzexe command in bzip2 1.0.5 and earlier generates...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Apr 16, 2014
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 28, 2023
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
References