Open mend-bolt-for-github[bot] opened 1 year ago
Bindings to libbzip2 for bzip2 compression and decompression exposed as Reader/Writer streams.
Library home page: https://crates.io/api/v1/crates/bzip2/0.3.3/download
Path to dependency file: /third_party/rust_crates/vendor/zip/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/zip/Cargo.toml
Dependency Hierarchy: - :x: **bzip2-0.3.3.crate** (Vulnerable Library)
Found in base branch: master
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
Publish Date: 2023-01-10
URL: CVE-2023-22895
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22895
Release Date: 2023-01-10
Fix Resolution: bzip2 - 0.4.4
Step up your Open Source Security Game with Mend here
CVE-2023-22895 - High Severity Vulnerability
Bindings to libbzip2 for bzip2 compression and decompression exposed as Reader/Writer streams.
Library home page: https://crates.io/api/v1/crates/bzip2/0.3.3/download
Path to dependency file: /third_party/rust_crates/vendor/zip/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/zip/Cargo.toml
Dependency Hierarchy: - :x: **bzip2-0.3.3.crate** (Vulnerable Library)
Found in base branch: master
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
Publish Date: 2023-01-10
URL: CVE-2023-22895
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22895
Release Date: 2023-01-10
Fix Resolution: bzip2 - 0.4.4
Step up your Open Source Security Game with Mend here