Nixpkgs security tracker

Suggestions search

With package: bzip2

Found 1 matching suggestion

Published
CVE-2026-42250
5.1 MEDIUM
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): None (N)
  • Vulnerable System Impact Integrity (VI): None (N)
  • Vulnerable System Impact Availability (VA): Low (L)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): None (N)
  • Modified Vulnerable System Impact Integrity (MVI): None (N)
  • Modified Vulnerable System Impact Availability (MVA): Low (L)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
Updated 1 week, 6 days ago by @LeSuisse

Activity log
  • Created suggestion
  • @LeSuisse ignored
    18 packages
    • lbzip2
    • pbzip2
    • bzip2_1_1
    • indexed-bzip2
    • minimal-bootstrap.bzip2
    • haskellPackages.bzip2-clib
    • perlPackages.CompressBzip2
    • perl5Packages.CompressBzip2
    • perl538Packages.CompressBzip2
    • perl540Packages.CompressBzip2
    • perlPackages.CompressRawBzip2
    • minimal-bootstrap.bzip2-static
    • perl5Packages.CompressRawBzip2
    • python312Packages.indexed-bzip2
    • python313Packages.indexed-bzip2
    • python314Packages.indexed-bzip2
    • perl538Packages.CompressRawBzip2
    • perl540Packages.CompressRawBzip2
  • @LeSuisse restored package bzip2_1_1
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Off-by-One Leading to Out-of-Bounds Write in bzip2

bzip2 contains an off-by-one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67.

Affected products

bzip2
  • ==35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
  • =<1.0.8

Matching in nixpkgs

pkgs.bzip2

High-quality data compression program

Ignored packages (17)

pkgs.lbzip2

Parallel bzip2 compression utility

  • nixos-unstable 2.5
    • nixpkgs-unstable 2.5
    • nixos-unstable-small 2.5

pkgs.pbzip2

Parallel implementation of bzip2 for multi-core machines

pkgs.indexed-bzip2

Python library for parallel decompression and seeking within compressed bzip2 files

Package maintainers