VYPR
Unrated severity · NVD Advisory · Published Apr 6, 2023 · Updated Feb 13, 2025

CVE-2023-29415

Description

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

bzip3 versions before 1.3.0 can be driven into a denial of service (process hang) by a crafted archive, due to improper interaction with libsais.

Vulnerability

An issue exists in libbzip3.a in bzip3 versions before 1.3.0. When processing a crafted archive, the library fails to properly interact with libsais, causing a denial of service (process hang). All versions prior to 1.3.0 are affected.

Exploitation

An attacker can trigger the hang by providing a specially crafted archive to a system using bzip3 for decompression. No authentication is required; the archive may be processed automatically, e.g., upon download or during archive extraction.

Impact

Successful exploitation leads to a denial of service: the process hangs indefinitely, consuming CPU resources. This can result in unavailability of the decompression service or application.

Mitigation

The vulnerability is fixed in bzip3 version 1.3.0. Users should upgrade to this or a later version. No workaround is documented for older versions. The fix is included in the repository changes between 1.2.3 and 1.3.0 [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • bzip3/bzip3 · description
  • bzip3/bzip3 · llm-fuzzy
    Range: <1.3.0

Patches

0

No patches discovered yet.

References

6
