CVE-2020-29367

{"id": "CVE-2020-29367", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-11-27T20:15:11.090", "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data."}, {"lang": "es", "value": "El archivo blosc2.c en Blosc C-Blosc2 hasta versi\u00f3n 2.0.0.beta.5. presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria cuando carece de espacio para escribir datos comprimidos"}], "lastModified": "2025-04-25T16:52:59.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7406AFCF-1E42-4EB2-A451-C920300F0A4C"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AFF5D14-E754-490F-A3BF-106FB8A9C769"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBED35CA-043F-4221-9556-9D8A0BB5B0AB"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D444841F-B5A8-4531-AFE2-CDD08832CC06"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F730FC-8189-4BA9-B5B3-3E660714F896"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7353452-D2B7-455D-99B7-BF50528A5C8C"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B98A7279-663F-4459-8DCD-648A2EE5F7DB"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E1508A5-4D21-4247-97A7-31E02A4C3594"}, {"criteria": "cpe:2.3:a:blosc:c-blosc2:2.0.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "814AF691-FA03-4159-8F4C-92B69B3FED84"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}