7 matches found
CVE-2023-29421
Technical details of CVE-2023-29421 are only in the initial description; no connected documents with concrete technical details are provided. Monitor for updates.
CVE-2023-29419
CVE-2023-29419 affects the library in the bzip3 project: specifically, the component libbzip3.a in bzip3 prior to 1.2.3, where the function bz3_decode_block can read out of bounds. The vulnerability is documented with a CVSS v3.1 base score of 6.5 (Medium), with network access, no privileges requ...
CVE-2023-29418
CVE-2023-29418 concerns libbzip3.a in bzip3 up to version 1.2.2 (fixed in 1.2.3). The issue is an xwrite out-of-bounds read in the library, yielding a high impact on availability per the CVSS vector. Documents from OSV and Nessus corroborate the vulnerability description. Affected component/file:...
CVE-2023-29415
CVE-2023-29415 affects libbzip3.a in bzip3 prior to version 1.3.0. The issue can cause a denial of service (process hang) when handling a crafted archive, due to improper interaction with libsais. Affects bzip3 users compiling or distributing the library prior to 1.3.0. The vulnerability increase...
CVE-2023-29420
CVE-2023-29420 affects libbzip3.a in bzip3, with a crash caused by an invalid memmove in bz3_decode_block present in versions before 1.2.3. The issue enables a NETWORK attack with LOW complexity and requires user interaction, yielding HIGH impact to availability and MEDIUM overall severity (CVSS ...
CVE-2023-29416
The CVE-2023-29416 issue affects libbzip3.a in bzip3 up to version 1.3.0, where a bz3_decode_block out-of-bounds write can occur with crafted archives due to non-adherence to the libsais interaction procedure. Reported impact includes HIGH availability risk with otherwise limited confidentiality/...
CVE-2023-29417
CVE-2023-29417 affects the libbzip3.a component in bzip3 1.2.2, where bz3_decompress can perform an out-of-bounds read if buffers passed to bzip3 do not have enough space for decompressed data. The vendor characterizes this as a contract-violation report and notes it as invalid from their perspec...