Ubuntu.comUB:CVE-2024-3203CVE-2024-3203
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.0004 Low
EPSS
Percentile
15.8%
A vulnerability, which was classified as critical, was found in c-blosc2 up
to 2.13.2. Affected is the function ndlz8_decompress of the file
/src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to
heap-based buffer overflow. It is possible to launch the attack remotely.
The exploit has been disclosed to the public and may be used. Upgrading to
version 2.14.3 is able to address this issue. It is recommended to upgrade
the affected component. VDB-259050 is the identifier assigned to this
vulnerability.
References
drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
launchpad.net/bugs/cve/CVE-2024-3203
nvd.nist.gov/vuln/detail/CVE-2024-3203
security-tracker.debian.org/tracker/CVE-2024-3203
vuldb.com/?ctiid.259050
vuldb.com/?id.259050
vuldb.com/?submit.304556
www.cve.org/CVERecord?id=CVE-2024-3203
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.0004 Low
EPSS
Percentile
15.8%