SUSE: CVE-2023-22895: SUSE Linux Security Advisory

SUSE: CVE-2023-22895: SUSE Linux Security Advisory

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

01/10/2023

Created

06/14/2023

Added

06/13/2023

Modified

01/28/2025

Description

The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.

Solution(s)

• suse-upgrade-rage-encryption
• suse-upgrade-rage-encryption-bash-completion

References

• https://attackerkb.com/topics/cve-2023-22895
• CVE - 2023-22895