CVE-2020-29367

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-29367

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29367.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-29367

Aliases

GHSA-8c7c-2c8j-3xfp

Downstream

openSUSE-SU-2020:2337-1

openSUSE-SU-2024:10655-1

Related

Published

2020-11-27T20:15:11.090Z

Modified

2026-01-31T23:41:29.471782Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

References

Affected packages

Git / github.com/blosc/c-blosc2

Affected ranges

Type: GIT
Repo: https://github.com/blosc/c-blosc2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c4c6470e88210afc95262c8b9fcc27e30ca043ee

Affected versions

v2.*

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.0-beta.4

v2.0.0.beta.5

v2.0.0a2

v2.0.0a3

v2.0.0a4

v2.0.0a5

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "source": "https://github.com/blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee",
        "target": {
            "file": "blosc/blosc2.c",
            "function": "blosc_c"
        },
        "id": "CVE-2020-29367-1f559629",
        "signature_version": "v1",
        "digest": {
            "function_hash": "326153899096615029256325386252686542973",
            "length": 3847.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee",
        "target": {
            "file": "blosc/blosc2.c"
        },
        "id": "CVE-2020-29367-523d5c56",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115160810050303563653184790471528932896",
                "239296388202758034129650212160054754506",
                "50187354779896057040248664005612369730",
                "251337963973582722261357795021896307833",
                "74361010105737414546412765371361526619",
                "156676445413465072441604645621974351356",
                "149714139667958978525157298586363627946",
                "19652566344025132376417241588039366240",
                "104629731683891981441487440116730921923",
                "266060646114329049041177282908682509460",
                "22805370599161042853440829602295935062",
                "100671487083616586379641719952851503449",
                "40764622336818957941615300820142616622",
                "199553255100920226857313246531077628494",
                "117078553732038890853034363884693520893",
                "240515191932395467941636730869243545373",
                "210805881206021799918695359593744395845"
            ]
        },
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29367.json"