CVE-2023-29415

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-29415
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 Patch
https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 Patch
https://github.com/kspalaiologos/bzip3/issues/95 Exploit Issue Tracking Patch Third Party Advisory
https://github.com/kspalaiologos/bzip3/issues/95 Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/
https://security-tracker.debian.org/tracker/CVE-2023-29415 Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2023-29415 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bzip3_project:bzip3:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
History

13 Feb 2025, 21:15

Type Values Removed Values Added
References (MISC) https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 - Patch () https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 - Patch
References (MISC) https://security-tracker.debian.org/tracker/CVE-2023-29415 - Third Party Advisory () https://security-tracker.debian.org/tracker/CVE-2023-29415 - Third Party Advisory
References (MISC) https://github.com/kspalaiologos/bzip3/issues/95 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://github.com/kspalaiologos/bzip3/issues/95 - Exploit, Issue Tracking, Patch, Third Party Advisory

07 Nov 2023, 04:11

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/', 'name': 'FEDORA-2023-3589ad1c55', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/', 'name': 'FEDORA-2023-c08f9dfc16', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/', 'name': 'FEDORA-2023-3a821e6e73', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/ -

15 Apr 2023, 04:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW/ -

14 Apr 2023, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2/ -

12 Apr 2023, 17:25

Type Values Removed Values Added
First Time Bzip3 Project
Bzip3 Project bzip3
Debian debian Linux
Debian
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
References (MISC) https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 - (MISC) https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 - Patch
References (MISC) https://github.com/kspalaiologos/bzip3/issues/95 - (MISC) https://github.com/kspalaiologos/bzip3/issues/95 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (MISC) https://security-tracker.debian.org/tracker/CVE-2023-29415 - (MISC) https://security-tracker.debian.org/tracker/CVE-2023-29415 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip3_project:bzip3:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

07 Apr 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://security-tracker.debian.org/tracker/CVE-2023-29415 -

06 Apr 2023, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-06 05:15

Updated : 2025-02-13 21:15

NVD link : CVE-2023-29415

Mitre link : CVE-2023-29415

JSON object : View

Products Affected

debian

  • debian_linux

bzip3_project

  • bzip3
CWE
NVD-CWE-noinfo