CVE-2024-3203

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing", "name": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing", "tags": ["Product"], "refsource": ""}, {"url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing", "name": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing", "tags": ["Product"], "refsource": ""}, {"url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3", "name": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3", "name": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.259050", "name": "VDB-259050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.259050", "name": "VDB-259050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.259050", "name": "VDB-259050 | c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.259050", "name": "VDB-259050 | c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.304556", "name": "Submit #304556 | blosc c-blosc2 1dd1e55cb329d01c210da77ceb53027853c35b72 heap-buffer-overflow", "tags": ["Exploit", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.304556", "name": "Submit #304556 | blosc c-blosc2 1dd1e55cb329d01c210da77ceb53027853c35b72 heap-buffer-overflow", "tags": ["Exploit", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-3203", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2024-04-02T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:blosc:c-blosc2:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.13.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-25T14:45Z"}