Lucene search
RustsecRUSTSEC-2023-0004HistoryJan 09, 2023 - 12:00 p.m.
bzip2 Denial of Service (DoS)
2023-01-0912:00:00
rustsec.org
31
bzip2
dos
infinite loop
specific payloads
issue
repository
patch
maintainer
update
untrusted data
software
0.001 Low
EPSS
Percentile
50.6%
Working with specific payloads can cause a Denial of Service (DoS) vector.
Both Decompress and Compress implementations can enter into infinite loops
given specific payloads entered that trigger it.
The issue is described in great detail in the bzip2 repository issue.
Thanks to bjrjk for finding and providing the patch for the issue and the
maintainer responsibly responding to release a fix quickly.
Users who use the crate with untrusted data should update the bzip2 to 0.4.4.
Related
osv
osv
bzip2 Denial of Service (DoS)
2023-01-09 12:00:00
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
2023-01-10 03:30:29
CVE-2023-22895
2023-01-10 01:15:10
fedora
fedora
[SECURITY] Fedora 37 Update: rust-sequoia-sop-0.26.1-5.fc37
2023-03-07 01:34:34
[SECURITY] Fedora 36 Update: rust-sequoia-sq-0.26.0-5.fc36
2023-03-07 01:40:34
[SECURITY] Fedora 38 Update: rust-sequoia-sop-0.26.1-5.fc38
2023-03-11 03:47:00
cvelist
cvelist
CVE-2023-22895
2023-01-10 00:00:00
nvd
nvd
CVE-2023-22895
2023-01-10 01:15:10
nessus
nessus
openvas
openvas
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-c17427d18a)
2023-03-07 00:00:00
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-7bd6fbb5fa)
2023-03-07 00:00:00
Fedora: Security Advisory for rust-sequoia-sq (FEDORA-2023-c08ee112f6)
2023-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2023-22895
2023-01-10 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-22895 affecting package mozjs60 60.9.0-10
2023-02-14 02:36:17
github
github
cve
cve
CVE-2023-22895
2023-01-10 01:15:10
prion
prion
Integer overflow
2023-01-10 01:15:00
debiancve
debiancve
CVE-2023-22895
2023-01-10 01:15:10