C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
C-blosc2 Project
  • C-blosc2

Configuration 1 [-]

cpe:2.3:a:c-blosc2_project:c-blosc2:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5 Patch
https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3 Release Notes
https://github.com/Blosc/c-blosc2/issues/519 Exploit Issue Tracking Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-25T00:00:00

Updated: 2023-12-25T06:38:22.159347

Reserved: 2023-06-28T00:00:00

Link: CVE-2023-37185

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-12-25T07:15:08.793

Modified: 2023-12-29T18:38:31.433

Link: CVE-2023-37185

JSON object: View

cve-icon Redhat Information

No data.

CWE