CVE-2005-1260
Published May 19, 2005
·Updated
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
Affected Software
6 affected components
Bzip bzip2<1.0.3
Canonical Ubuntu Linux=4.10
Canonical Ubuntu Linux=5.04
Debian Debian Linux=3.1
Debian Debian Linux=3.0
Apple iOS and macOS<10.4.11
Event History
May 19, 2005
CVE Published
04:00 AM
CVE Published
via MITRE·08:00 AM
Data Sourced
via MITRE·08:00 AM
Description
Frequently Asked Questions
1
What is the severity of CVE-2005-1260?
CVE-2005-1260 has a moderate severity level as it can lead to denial of service through hard drive consumption.
2
How do I fix CVE-2005-1260?
To fix CVE-2005-1260, update to the latest version of bzip2 that addresses this vulnerability.
3
Which software versions are affected by CVE-2005-1260?
CVE-2005-1260 affects bzip2 versions prior to 1.0.3 and specific versions of Ubuntu and Debian Linux distributions.
4
What type of attack does CVE-2005-1260 involve?
CVE-2005-1260 involves an attack known as a "decompression bomb," causing infinite loops during file extraction.
5
Can CVE-2005-1260 be exploited remotely?
Yes, CVE-2005-1260 can be exploited remotely by sending a crafted bzip2 file to the target system.