PT-2024-24368 · C-Blosc2 · C-Blosc2

Alkaidlx · Published 2024-04-02 · Updated 2025-04-25 · CVE-2024-3203

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: c-blosc2 versions up to 2.13.2

Description: A critical issue was found in the ndlz8 decompress function of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. This issue leads to a heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For versions up to 2.13.2, upgrade to version 2.14.3 to address this issue. As a temporary workaround, consider disabling the ndlz8 decompress function until a patch is available. Restrict access to the affected file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Heap Based Buffer Overflow

Related Identifiers

CVE-2024-3203
OPENSUSE-SU-2024:13910-1

Affected Products

C-Blosc2