PT-2023-22245 · Bzip3+1
Asarubboo · Published 2023-04-06 · Updated 2024-08-02 · CVE-2023-29417
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
bzip3 version 1.2.2
Description
An issue was discovered in libbzip3.a: bz3_decompress performs an out-of-bounds read in certain situations. This occurs when the buffers passed to bzip3 do not contain enough space to hold the decompressed data. The vendor's position is that the observed behavior can only occur as the result of a contract violation by the caller.
Recommendations
For bzip3 version 1.2.2, consider implementing checks to ensure that buffers passed to bzip3 have enough space to be filled with decompressed data to prevent out-of-bounds reads. As a temporary workaround, consider adding error handling for situations where the decompressed data exceeds the buffer size.
Exploit
Fix
Weakness Enumeration
Out-of-bounds Read
Related Identifiers
CVE-2023-29417
Affected Products
Debian
Bzip3