Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bzip3
(Bzip3_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-06 | CVE-2023-29417 | An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid. | Bzip3 | 6.5 | ||
| 2023-04-06 | CVE-2023-29415 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. | Bzip3, Debian_linux | 6.5 | ||
| 2023-04-06 | CVE-2023-29416 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. | Bzip3 | 6.5 | ||
| 2023-04-06 | CVE-2023-29418 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. | Bzip3 | 6.5 | ||
| 2023-04-06 | CVE-2023-29419 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. | Bzip3 | 6.5 | ||
| 2023-04-06 | CVE-2023-29420 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. | Bzip3 | 6.5 | ||
| 2023-04-06 | CVE-2023-29421 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block. | Bzip3 | 8.8 |