Red Hat Bugzilla – Bug 157060
CAN-2005-1260 - bzip2 decompression bomb vulnerability
Last modified: 2007-04-18 13:25:01 EDT
+++ This bug was initially created as a clone of Bug #157057 +++
Whilst playing with "random bitflipping" technology, an effective decompression
bomb attack against bzip2 was identified. bzip2 can be made to decompress
into a file indefinitely when it encounters a suitably corrupt bzip2 archive.
Demo bz2 archive:
Fixed in 1.0.3.
No disclosure date yet.
Removing security flag & This bug duplicates bug 158801.
Should be closed DUPLICATE.
*** This bug has been marked as a duplicate of 158801 ***
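A defensive sketch for code that has to accept untrusted bzip2 data, related to the unbounded-output behaviour described in this report. This is an added example, not code from the bug report or from bzip2 itself; it uses Python's standard `bz2` module, and the function names, the 1 MiB budget and the sample input are assumptions made for illustration.

```python
import bz2

class OutputLimitExceeded(Exception):
    """The stream tried to expand past the caller's output budget."""

def bounded_bunzip2(data, max_output=1 << 20, chunk=64 * 1024):
    """Decompress one bzip2 stream from `data`, never holding more than
    max_output + 1 bytes of output. Names and limits are assumptions."""
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    feed = data
    while not decomp.eof:
        # Request at most one byte past the budget so an overrun is visible.
        want = min(chunk, max_output - len(out) + 1)
        try:
            piece = decomp.decompress(feed, max_length=want)
        except OSError as exc:
            raise ValueError("corrupt bzip2 stream") from exc
        feed = b""  # unconsumed input stays buffered in the decompressor
        out += piece
        if len(out) > max_output:
            raise OutputLimitExceeded(f"output exceeds {max_output} bytes")
        if not piece and not decomp.eof:
            # No output and no end-of-stream marker: the input ran out early.
            raise ValueError("truncated bzip2 stream")
    return bytes(out)

def constructed_bomb(size=16 * 1024 * 1024):
    """Constructed sample: a valid stream of zeros with a very high ratio."""
    return bz2.compress(b"\0" * size)

if __name__ == "__main__":
    bomb = constructed_bomb()
    print(len(bomb), "compressed bytes")
    try:
        bounded_bunzip2(bomb)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```

The output cap bounds memory and disk use regardless of which bzip2 version sits underneath; it does not replace upgrading to the fixed release named in this report.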