Lucene search

MitreCVELIST:CVE-2023-29415

HistoryApr 06, 2023 - 12:00 a.m.

CVE-2023-29415

2023-04-0600:00:00

mitre

www.cve.org

cve-2023-29415

bzip3

process hang

crafted archive

libsais

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

References

github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0

github.com/kspalaiologos/bzip3/issues/95

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/

security-tracker.debian.org/tracker/CVE-2023-29415