VYPR
Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Jun 16, 2026

CVE-2002-0759

CVE-2002-0759

Description

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Affected products

13
  • Bzip/Bzip211 versions
    cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
    • (no CPE)range: <1.0.2
  • FreeBSD/FreeBSDllm-fuzzy
    Range: <=4.5
  • Range: =3.1 and 3.1.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.