CVE-2020-29367

Published Nov 27, 2020

Last updated 4 years ago

CVSS high 7.8

Overview

Description: blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:a2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F38E7F84-C0DD-4A66-8D73-2644234A96FC"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:a3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73549200-288F-41FD-8B92-DDDFC4C69C29"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:a4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D28CA7AD-5034-4754-9F95-155967E07FA0"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:a5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A429AC4-C03D-45DF-ADF9-1BC853C03AF1"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89600A69-9878-4ACB-84B4-4363F14FC348"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579AD92B-4D68-4986-B0CD-24ABB767EABE"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9AA58E0-C130-43D6-A1A4-881840BEE51E"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B426166C-73BC-4234-8796-6D572177C9E8"
          },
          {
            "criteria": "cpe:2.3:a:c-blosc2_project:c-blosc2:2.0.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6761509F-D81C-4E57-B9B1-F55460A9BA27"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References