Support Content Notification - Support Portal

BSA-2020-1276

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21696

Last Updated

05 February 2021

Initial Publication Date

25 September 2020

Status

Closed

Severity

Low

CVSS Base Score

6.5

WorkAround

Affected CVE

CVE-2016-3189

Summary

Security Advisory ID : BSA-2020-1276

Component : bzip2recover

Revision : 2.0

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Affected Products
Security update provided in Brocade Fabric OS v8.2.2c, FOS v7.4.2g, FOS v8.2.0_CBN3, FOS v8.2.1e, FOS v8.1.2k, FOS v9.0.0 and upper releases.

Products Confirmed Not Vulnerable
No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	Sept 25, 2020
2.0	Affected products updated	Feb 5, 2021