PT-2020-17143 · Blosc+1 · C-Blosc2+1

Nmoinvaz

Published

2020-11-27

Updated

2025-04-25

CVE-2020-29367

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Blosc C-Blosc2 versions through 2.0.0.beta.5

Description The issue arises from a heap-based buffer overflow in the blosc2.c file when there is insufficient space to write compressed data.

Recommendations For versions through 2.0.0.beta.5, consider updating to a newer version that addresses this issue, as using the current version may pose a risk due to the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2020-29367

GHSA-8C7C-2C8J-3XFP

MGASA-2021-0051

OPENSUSE-SU-2020:2337-1

OPENSUSE-SU-2020_2337-1

OPENSUSE-SU-2024:10655-1

PYSEC-2020-343

Affected Products

C-Blosc2

Suse

PT-2020-17143 · Blosc+1 · C-Blosc2+1

CVE-2020-29367

Weakness Enumeration

Related Identifiers

Affected Products

References · 19