Bzip3 Project Bzip3 1.2.2

CPE Details

Bzip3 Project Bzip3 1.2.2
bzip3_project
bzip3
1.2.2
2023-04-08
00h43 +00:00
2023-06-05
13h51 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:bzip3_project:bzip3:1.2.2:*:*:*:*:*:*:*

Informations

Vendor

bzip3_project

Product

bzip3

Version

1.2.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-29415 2023-04-06 00h00 +00:00 An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.
6.5
Medium
CVE-2023-29416 2023-04-06 00h00 +00:00 An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.
6.5
Medium
CVE-2023-29418 2023-04-06 00h00 +00:00 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.
6.5
Medium
CVE-2023-29419 2023-04-06 00h00 +00:00 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.
6.5
Medium
CVE-2023-29420 2023-04-06 00h00 +00:00 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.
6.5
Medium
CVE-2023-29421 2023-04-06 00h00 +00:00 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.
8.8
High
CVE-2023-29417 2023-04-05 22h00 +00:00 An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.