PT-2023-25824 · C-Blosc2 · C-Blosc2

Rish9101

Publicado

2023-12-25

Atualizado

2025-04-25

CVE-2023-37188

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions C-blosc2 versions prior to 2.9.3

Description The issue is related to a NULL pointer dereference in the function zfp rate decompress at zfp/blosc2-zfp.c. This indicates a problem where the code attempts to access memory through a null (non-existent) pointer, which can lead to crashes or potentially allow an attacker to execute arbitrary code.

Recommendations For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the zfp rate decompress function until a patch is available.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

CVE-2023-37188

Produtos afetados

C-Blosc2

PT-2023-25824 · C-Blosc2 · C-Blosc2

CVE-2023-37188

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7