Debian Bzip3 vulnerabilities

7 known vulnerabilities affecting debian/bzip3.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5LOW1

Vulnerabilities

Page 1 of 1
CVE-2023-29421HIGHCVSS 8.8fixed in bzip3 1.2.2-2 (bookworm)2023
CVE-2023-29421 [HIGH] CVE-2023-29421: bzip3 - An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-... An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block. Scope: local bookworm: resolved (fixed in 1.2.2-2) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-2)
debian
CVE-2023-29416MEDIUMCVSS 6.5fixed in bzip3 1.2.2-2 (bookworm)2023
CVE-2023-29416 [MEDIUM] CVE-2023-29416: bzip3 - An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block ... An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. Scope: local bookworm: resolved (fixed in 1.2.2-2) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-
debian
CVE-2023-29415MEDIUMCVSS 6.5fixed in bzip3 1.2.2-2 (bookworm)2023
CVE-2023-29415 [MEDIUM] CVE-2023-29415: bzip3 - An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service... An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. Scope: local bookworm: resolved (fixed in 1.2.2-2) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-2)
debian
CVE-2023-29420MEDIUMCVSS 6.5fixed in bzip3 1.2.2-2 (bookworm)2023
CVE-2023-29420 [MEDIUM] CVE-2023-29420: bzip3 - An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash ca... An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. Scope: local bookworm: resolved (fixed in 1.2.2-2) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-2)
debian
CVE-2023-29418MEDIUMCVSS 6.5fixed in bzip3 1.2.2-2 (bookworm)2023
CVE-2023-29418 [MEDIUM] CVE-2023-29418: bzip3 - An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite ... An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. Scope: local bookworm: resolved (fixed in 1.2.2-2) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-2)
debian
CVE-2023-29419MEDIUMCVSS 6.5fixed in bzip3 1.2.2-2 (bookworm)2023
CVE-2023-29419 [MEDIUM] CVE-2023-29419: bzip3 - An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_deco... An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. Scope: local bookworm: resolved (fixed in 1.2.2-2) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-2)
debian
CVE-2023-29417LOWCVSS 6.52023
CVE-2023-29417 [MEDIUM] CVE-2023-29417: bzip3 - An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress ... An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid. Scope: local bookw
debian