CVE-2023-29415
https://notcve.org/view.php?id=CVE-2023-29415
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. • https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 https://github.com/kspalaiologos/bzip3/issues/95 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW https://security-tracker.debian.org/tracker/CVE- •
CVE-2023-29416
https://notcve.org/view.php?id=CVE-2023-29416
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. • https://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 https://github.com/kspalaiologos/bzip3/issues/92 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-787: Out-of-bounds Write •
CVE-2023-29417
https://notcve.org/view.php?id=CVE-2023-29417
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid. • https://github.com/kspalaiologos/bzip3/issues/97 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMLFV2FJK3CM7NJLVPZI5RUAFQZICPWW • CWE-125: Out-of-bounds Read •
CVE-2023-29418
https://notcve.org/view.php?id=CVE-2023-29418
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. • https://github.com/kspalaiologos/bzip3/commit/aae16d107f804f69000c09cd92027a140968cc9d https://github.com/kspalaiologos/bzip3/compare/1.2.2...1.2.3 https://github.com/kspalaiologos/bzip3/issues/92 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-125: Out-of-bounds Read •
CVE-2023-29419
https://notcve.org/view.php?id=CVE-2023-29419
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. • https://github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 https://github.com/kspalaiologos/bzip3/compare/1.2.2...1.2.3 https://github.com/kspalaiologos/bzip3/issues/92 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JLSE25SV7K2NB6FTFT4UHJOJUHBHYHY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA7S7HDUAINOTCSWQZ5LIW756DYY22V2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-125: Out-of-bounds Read •