Ubuntu.comUB:CVE-2023-29419CVE-2023-29419
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
39.6%
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a
bz3_decode_block out-of-bounds read.
Bugs
Notes
| Author | Note |
|---|---|
| sbeattie | CVE is for crash 3 in github issue, reproducer is included |
References
github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 (1.2.3)
github.com/kspalaiologos/bzip3/compare/1.2.2...1.2.3
launchpad.net/bugs/cve/CVE-2023-29419
nvd.nist.gov/vuln/detail/CVE-2023-29419
security-tracker.debian.org/tracker/CVE-2023-29419
www.cve.org/CVERecord?id=CVE-2023-29419
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
39.6%