CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22895
https://notcve.org/view.php?id=CVE-2023-22895
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. • https://crates.io/crates/bzip2/versions https://github.com/alexcrichton/bzip2-rs/pull/86 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MI5SVRSGKBWB2JGDLDVIFY5ZQVDZP6I7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQK57GGXJX3AH7KF6S7S3N7JC5QOYUQ7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUK2JO25PPA6XBREKJRBLRCD22LKIOLO • CWE-190: Integer Overflow or Wraparound •