CVE-2023-37187
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-37187 is a newly identified vulnerability affecting C-blosc2 versions prior to 2.9.3. This issue involves a NULL pointer dereference within the zsf_acc_decompress function located in zfp/blosc2-zsf.c. An attacker could potentially exploit this flaw by manipulating input data to trigger the NULL pointer dereference, leading to unintended program behavior or crashes, and potentially gaining unauthorized access to the system. Successful exploitation of this vulnerability could result in serious consequences, including data corruption, denial of service, or even complete system compromise. It is recommended that users promptly update their C-blosc2 installations to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- C-blosc2 Project C-blosc2