Lucene search
K
Bzip3 ProjectBzip3

7 matches found

CVE
CVE
added 2023/04/06 12:0 a.m.118 views

CVE-2023-29421

Technical details of CVE-2023-29421 are only in the initial description; no connected documents with concrete technical details are provided. Monitor for updates.

8.8CVSS8.5AI score0.00916EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.67 views

CVE-2023-29419

CVE-2023-29419 affects the library in the bzip3 project: specifically, the component libbzip3.a in bzip3 prior to 1.2.3, where the function bz3_decode_block can read out of bounds. The vulnerability is documented with a CVSS v3.1 base score of 6.5 (Medium), with network access, no privileges requ...

6.5CVSS7.1AI score0.00888EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.63 views

CVE-2023-29418

CVE-2023-29418 concerns libbzip3.a in bzip3 up to version 1.2.2 (fixed in 1.2.3). The issue is an xwrite out-of-bounds read in the library, yielding a high impact on availability per the CVSS vector. Documents from OSV and Nessus corroborate the vulnerability description. Affected component/file:...

6.5CVSS6.5AI score0.00888EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.61 views

CVE-2023-29415

CVE-2023-29415 affects libbzip3.a in bzip3 prior to version 1.3.0. The issue can cause a denial of service (process hang) when handling a crafted archive, due to improper interaction with libsais. Affects bzip3 users compiling or distributing the library prior to 1.3.0. The vulnerability increase...

6.5CVSS6.9AI score0.0089EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.59 views

CVE-2023-29420

CVE-2023-29420 affects libbzip3.a in bzip3, with a crash caused by an invalid memmove in bz3_decode_block present in versions before 1.2.3. The issue enables a NETWORK attack with LOW complexity and requires user interaction, yielding HIGH impact to availability and MEDIUM overall severity (CVSS ...

6.5CVSS7.1AI score0.00888EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.57 views

CVE-2023-29416

The CVE-2023-29416 issue affects libbzip3.a in bzip3 up to version 1.3.0, where a bz3_decode_block out-of-bounds write can occur with crafted archives due to non-adherence to the libsais interaction procedure. Reported impact includes HIGH availability risk with otherwise limited confidentiality/...

6.5CVSS7.1AI score0.00902EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.50 views

CVE-2023-29417

CVE-2023-29417 affects the libbzip3.a component in bzip3 1.2.2, where bz3_decompress can perform an out-of-bounds read if buffers passed to bzip3 do not have enough space for decompressed data. The vendor characterizes this as a contract-violation report and notes it as invalid from their perspec...

6.5CVSS7AI score0.008EPSS