CVE-2020-29367

HIGH

Blosc C-Blosc2 <2.0.0.beta.5 - Buffer Overflow

Title source: llm
STIX 2.1

Description

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442

Scores

CVSS v3 7.8
EPSS 0.0118
EPSS Percentile 63.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
blosc/c-blosc2 2.0.0 alpha2 (9 CPE variants)
pypi/blosc2 0 - 0.1.7PyPI
Published Nov 27, 2020
Tracked Since Feb 18, 2026