PT-2024-24372 · C-Blosc2 · C-Blosc2
Alkaidlx
·
Published
2024-04-02
·
Updated
2025-04-25
·
CVE-2024-3204
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
c-blosc2 versions up to 2.13.2
Description
A critical issue has been found, affecting the
ndlz4 decompress function in the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. This issue leads to a heap-based buffer overflow. The attack can be launched remotely.Recommendations
For versions up to 2.13.2, upgrade to version 2.14.3 to address this issue. As a temporary workaround, consider disabling the
ndlz4 decompress function until a patch is available. Restrict access to the affected file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c to minimize the risk of exploitation.Exploit
Fix
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C-Blosc2