fkie_cve-2024-3203
Vulnerability from fkie_nvd
Published
2024-04-02 22:15
Modified
2025-04-25 14:45
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability.
References
cna@vuldb.comhttps://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharingProduct
cna@vuldb.comhttps://github.com/Blosc/c-blosc2/releases/tag/v2.14.3Release Notes
cna@vuldb.comhttps://vuldb.com/?ctiid.259050Permissions Required, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.259050Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?submit.304556Exploit, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharingProduct
af854a3a-2127-422b-91ae-364da2661108https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3Release Notes
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.259050Permissions Required, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.259050Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?submit.304556Exploit, VDB Entry
Impacted products
Vendor Product Version
blosc c-blosc2 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blosc:c-blosc2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3560FC02-24C1-498F-AA85-9EEF17F86841",
              "versionEndIncluding": "2.13.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en c-blosc2 hasta 2.13.2 y clasificada como cr\u00edtica. La funci\u00f3n ndlz8_decompress del archivo /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c es afectada por la vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-259050 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2024-3203",
  "lastModified": "2025-04-25T14:45:29.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-02T22:15:10.320",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Product"
      ],
      "url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.259050"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.259050"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.304556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.259050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.259050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.304556"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.