CVE-2020-29367

Опубликовано: 27 нояб. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442
Mailing List
Third Party Advisory
https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee
Patch
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442
Mailing List
Third Party Advisory
https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:blosc:c-blosc2:2.0.0:beta5:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2020-29367

CVSS3: 7.4

redhat

около 5 лет назад

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

openSUSE-SU-2020:2337-1

suse-cvrf