CVE-2023-37187

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 25, 2023
Updated: Dec 29, 2023
CWE ID 476

Summary

CVE-2023-37187 is a newly identified vulnerability affecting C-blosc2 versions prior to 2.9.3. This issue involves a NULL pointer dereference within the zsf_acc_decompress function located in zfp/blosc2-zsf.c. An attacker could potentially exploit this flaw by manipulating input data to trigger the NULL pointer dereference, leading to unintended program behavior or crashes, and potentially gaining unauthorized access to the system. Successful exploitation of this vulnerability could result in serious consequences, including data corruption, denial of service, or even complete system compromise. It is recommended that users promptly update their C-blosc2 installations to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share