CVE-2023-37188

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-37188
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37188.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-37188
Published
2023-12-25T07:15:09.347Z
Modified
2025-12-12T21:52:30.757854Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfpratedecompress at zfp/blosc2-zfp.c.

References

Affected packages

Git / github.com/blosc/c-blosc2

Affected ranges

Type
GIT
Repo
https://github.com/blosc/c-blosc2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
425e8a9a59d49378d57e2116b6c9b0190a5986f5

Affected versions

v2.*

v2.0.0
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-rc2
v2.0.0.beta.5
v2.0.0.rc1
v2.0.0a2
v2.0.0a3
v2.0.0a4
v2.0.0a5
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.9.0
v2.9.1
v2.9.2

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "94127332930328714979693753838572680684",
            "length": 2092.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-37188-243262aa",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c",
            "function": "zfp_acc_decompress"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
        "digest": {
            "function_hash": "84999816630490408576061315651453273397",
            "length": 2126.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-37188-4f2d316c",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c",
            "function": "zfp_rate_decompress"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "161527728979400029412440444892036809933",
                "21137111373737748289023170854430580492",
                "140013078349516273885791395039023446130",
                "214791312930363697288435407393345526869",
                "30279173499786461662774045591952334647",
                "17059637026080409842366646942312157571",
                "289805975329791131923105996838758108189",
                "17317268047504292008235798067686073659",
                "161527728979400029412440444892036809933",
                "147684375185758393188901203572542378077",
                "69813893332901692759865926115812557276",
                "307567409048620837880448517465486490573",
                "30279173499786461662774045591952334647",
                "17059637026080409842366646942312157571",
                "289805975329791131923105996838758108189",
                "17317268047504292008235798067686073659",
                "161527728979400029412440444892036809933",
                "301784655629111742594683156765617453306",
                "223991770995064550130844361093166911378",
                "50378428659861916935466505186264407059",
                "30279173499786461662774045591952334647",
                "17059637026080409842366646942312157571",
                "289805975329791131923105996838758108189",
                "17317268047504292008235798067686073659"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2023-37188-5aea0ff0",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
        "digest": {
            "function_hash": "213766312587182360207495961885289091047",
            "length": 3060.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-37188-5e3a8272",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c",
            "function": "zfp_rate_compress"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
        "digest": {
            "function_hash": "33668023146656601829651730774272162036",
            "length": 3082.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-37188-ec4f3bbf",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c",
            "function": "zfp_prec_compress"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
        "digest": {
            "function_hash": "155714164167155645323941631240721333322",
            "length": 2701.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-37188-fde65889",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c",
            "function": "zfp_acc_compress"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    },
    {
        "digest": {
            "function_hash": "292854444698699780685408884530219144817",
            "length": 2473.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-37188-ff2f781f",
        "target": {
            "file": "plugins/codecs/zfp/blosc2-zfp.c",
            "function": "zfp_prec_decompress"
        },
        "source": "https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
    }
]