PT-2023-18759 · Bzip2+1 · Bzip2+1
Bjrjk
·
Published
2023-01-09
·
Updated
2025-05-17
·
CVE-2023-22895
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
bzip2 crate versions prior to 0.4.4
Description
The issue allows attackers to cause a denial of service via a large file that triggers an integer overflow in
mem.rs. This can lead to a denial of service (DoS) vector. Both Decompress and Compress implementations can enter into infinite loops given specific payloads that trigger it.Recommendations
For versions prior to 0.4.4, update the
bzip2 crate to 0.4.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the crate with untrusted data until the update is applied.Exploit
Fix
DoS
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Bzip2