rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb6f2f5a545197cf70d26bdc831d08f718e4287b
advisory-db/crates/bzip2/RUSTSEC-2023-0004.md
aviyam181199 eb6f2f5a54 Update RUSTSEC-2023-0004.md (#1567) 
Changed publish date from September 1st to January 9th
2023-02-04 14:29:07 +01:00

843 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2023-0004"
package = "bzip2"
aliases = ["CVE-2023-22895", "GHSA-96jv-r488-c2rj"]
date = "2023-01-09"
url = "https://github.com/alexcrichton/bzip2-rs/pull/86"
categories = ["denial-of-service"]

[versions]
patched = [">= 0.4.4"]

bzip2 Denial of Service (DoS)

Working with specific payloads can cause a Denial of Service (DoS) vector.

Both Decompress and Compress implementations can enter into infinite loops given specific payloads entered that trigger it.

The issue is described in great detail in the bzip2 repository issue.

Thanks to bjrjk for finding and providing the patch for the issue and the maintainer responsibly responding to release a fix quickly.

Users who use the crate with untrusted data should update the bzip2 to 0.4.4.