CVE-2024-3203

Опубликовано: 02 апр. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 7.5

CVSS3: 7.3

Описание

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	DNE
noble	needs-triage
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%

0.00423

Низкий

7.5 High

CVSS2

7.3 High

CVSS3

Связанные уязвимости

CVE-2024-3203

CVSS3: 7.3

nvd

почти 2 года назад

CVE-2024-3203

CVSS3: 7.3

debian

почти 2 года назад

A vulnerability, which was classified as critical, was found in c-blos ...

GHSA-pf5m-h35j-7c4j

CVSS3: 7.3

github

почти 2 года назад

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 62%

0.00423

Низкий

7.5 High

CVSS2

7.3 High

CVSS3

CVE-2024-3203

Описание

Пакет c-blosc2

Ссылки на источники

Связанные уязвимости