Primary

Context

c-blosc2 Buffer Overflow Vulnerability in compress_chunk_fuzzer

Vulnerability

Patched

A heap-based buffer overflow vulnerability has been identified in the c-blosc2 library, specifically in version 2.17.0 and earlier. This vulnerability was detected in the 'compress_chunk_fuzzer' component during fuzz testing with oss-fuzz. The issue arises in the '_sw32' function, where an unexpected read from an allocated buffer leads to an overflow.

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, which can potentially be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by using the c-blosc2 fuzzing tool with a specific input that triggers the buffer overflow. This can be done by running the 'compress_chunk_fuzzer' with the crafted input that causes the overflow, such as through the oss-fuzz infrastructure.

Remediation

Users can upgrade to c-blosc2 version 2.17.1, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.2

impact

2.5

exploitability

6.0

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.2

impact

2.5

exploitability

6.0

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

c-blosc2 Buffer Overflow Vulnerability in compress_chunk_fuzzer

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Blosc c-blosc2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating