Vulnerability Description
A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blosc | C-Blosc2 | <= 2.13.2 |
Related Weaknesses (CWE)
References
- https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=shaProduct
- https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3Release Notes
- https://vuldb.com/?ctiid.259050Permissions RequiredVDB Entry
- https://vuldb.com/?id.259050Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.304556ExploitVDB Entry
- https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=shaProduct
- https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3Release Notes
- https://vuldb.com/?ctiid.259050Permissions RequiredVDB Entry
- https://vuldb.com/?id.259050Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.304556ExploitVDB Entry
FAQ
What is CVE-2024-3203?
CVE-2024-3203 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulati...
How severe is CVE-2024-3203?
CVE-2024-3203 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-3203?
Check the references section above for vendor advisories and patch information. Affected products include: Blosc C-Blosc2.