Lucene search

K
cve[email protected]CVE-2023-37185
HistoryDec 25, 2023 - 7:15 a.m.

CVE-2023-37185

2023-12-2507:15:08
CWE-476
web.nvd.nist.gov
9
cve-2023-37185
c-blosc2
null pointer
dereference
zfp_prec_decompress
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

21.2%

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.

Affected configurations

NVD
Node
c-blosc2_projectc-blosc2Range<2.9.3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

21.2%

Related for CVE-2023-37185