High severityNVD Advisory· Published Jan 10, 2023· Updated Apr 7, 2025
CVE-2023-22895
CVE-2023-22895
Description
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bzip2crates.io | < 0.4.4 | 0.4.4 |
Affected products
5- Rust/bzip2 cratedescription
- ghsa-coords4 versionspkg:cargo/bzip2pkg:rpm/opensuse/python-cramjam&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rage-encryption&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/wasm-pack&distro=openSUSE%20Tumbleweed
< 0.4.4+ 3 more
- (no CPE)range: < 0.4.4
- (no CPE)range: < 2.9.1-1.3
- (no CPE)range: < 0.9.0+0-4.1
- (no CPE)range: < 0.10.3~0-2.1
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-96jv-r488-c2rjghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MI5SVRSGKBWB2JGDLDVIFY5ZQVDZP6I7/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQK57GGXJX3AH7KF6S7S3N7JC5QOYUQ7/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUK2JO25PPA6XBREKJRBLRCD22LKIOLO/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2023-22895ghsaADVISORY
- crates.io/crates/bzip2/versionsghsaWEB
- github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590bghsaWEB
- github.com/alexcrichton/bzip2-rs/pull/86ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MI5SVRSGKBWB2JGDLDVIFY5ZQVDZP6I7ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQK57GGXJX3AH7KF6S7S3N7JC5QOYUQ7ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUK2JO25PPA6XBREKJRBLRCD22LKIOLOghsaWEB
- rustsec.org/advisories/RUSTSEC-2023-0004.htmlghsaWEB
News mentions
0No linked articles in our index yet.