CVE-2024-3204

Опубликовано: 02 апр. 2024

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 7.3

Описание

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	DNE
noble	needs-triage
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS2

7.3 High

CVSS3

Связанные уязвимости

CVE-2024-3204

CVSS3: 7.3

nvd

почти 2 года назад

CVE-2024-3204

CVSS3: 7.3

debian

почти 2 года назад

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...

GHSA-c52r-8hmj-x4qg

CVSS3: 7.3

github

почти 2 года назад

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

7.5 High

CVSS2

7.3 High

CVSS3

CVE-2024-3204

Описание

Пакет c-blosc2

Ссылки на источники

Связанные уязвимости