CVE-2023-37185
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 25, 2023
Updated: Dec 29, 2023
CWE ID 476
Summary
CVE-2023-37185 is a newly identified vulnerability affecting C-blosc2 versions prior to 2.9.3. This issue involves a NULL pointer dereference in the zfp_prec_decompress function located at zfd/blosc2-zfp.c. An attacker can exploit this flaw by manipulating input data, leading to unintended memory access and potential code execution. This can result in serious consequences, including data corruption, unauthorized access, or system crashes. Users are strongly advised to update to the latest version of C-blosc2 to mitigate this risk.
Affected Products
- C-blosc2 Project C-blosc2