CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile: 50.6%)

The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of
service via a large file that triggers an integer overflow in mem.rs. NOTE:
this is unrelated to the https://crates.io/crates/bzip2-rs product.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | rust-bzip2 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | rust-bzip2 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | rust-bzip2 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | rust-bzip2 | < any | UNKNOWN |
crates.io/crates/bzip2/versions
github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4)
github.com/alexcrichton/bzip2-rs/pull/86
launchpad.net/bugs/cve/CVE-2023-22895
nvd.nist.gov/vuln/detail/CVE-2023-22895
security-tracker.debian.org/tracker/CVE-2023-22895
www.cve.org/CVERecord?id=CVE-2023-22895