Veracode Vulnerability DatabaseVERACODE:40121Denial Of Service (DoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
55.9%
libbzip3.so is vulnerable to Denial Of Service (DoS). The vulnerability exists in xwrite function of main.c because of not following the required procedure for interacting with libsais causing an application crash.
References
github.com/advisories/GHSA-x9qg-mxcc-p559
github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465
github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0
github.com/kspalaiologos/bzip3/issues/95
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/
lists.fedoraproject.org/archives/list/[email protected]/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/
lists.fedoraproject.org/archives/list/[email protected]/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/
lists.fedoraproject.org/archives/list/[email protected]/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/
security-tracker.debian.org/tracker/CVE-2023-29415
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
55.9%