Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2023-29417

An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.

  • Published: Apr 6, 2023
  • Updated: Nov 8, 2023
  • CVE: CVE-2023-29417
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
bzip3_project / bzip3 1.2.2 1.2.2.x