C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
C-blosc2 Project
  • C-blosc2

Configuration 1 [-]

cpe:2.3:a:c-blosc2_project:c-blosc2:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5 Patch
https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3 Release Notes
https://github.com/Blosc/c-blosc2/issues/520 Exploit Issue Tracking Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-25T00:00:00

Updated: 2023-12-25T06:28:42.354614

Reserved: 2023-06-28T00:00:00

Link: CVE-2023-37187

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-12-25T07:15:09.183

Modified: 2023-12-29T18:38:45.770

Link: CVE-2023-37187

JSON object: View

cve-icon Redhat Information

No data.

CWE