CVE-2023-37186

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-37186
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37186.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-37186
Published
2023-12-25T07:15:08.980Z
Modified
2026-04-12T05:13:26.063283Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.

References

Affected packages

Git / github.com/blosc/c-blosc2

Affected ranges

Type
GIT
Repo
https://github.com/blosc/c-blosc2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
48e7cdf4a901ee11461548474f5581671e3a72f5
Fixed
d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.3"
        }
    ]
}

Affected versions

v2.*
v2.0.0
v2.0.0-beta.1
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-rc2
v2.0.0.beta.5
v2.0.0.rc1
v2.0.0a2
v2.0.0a3
v2.0.0a4
v2.0.0a5
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.9.0
v2.9.1
v2.9.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37186.json"
vanir_signatures_modified 
"2026-04-12T05:13:26Z"
vanir_signatures 
[
    {
        "target": {
            "file": "plugins/codecs/ndlz/ndlz8x8.c",
            "function": "ndlz8_decompress"
        },
        "id": "CVE-2023-37186-1cb15b07",
        "source": "https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 3645.0,
            "function_hash": "146919106427007741675961541555972675378"
        },
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "plugins/codecs/ndlz/ndlz4x4.c"
        },
        "id": "CVE-2023-37186-40312202",
        "source": "https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "284644564871560395031823978751146622802",
                "259988097614610770634210924022136080176",
                "237637632680928547375923788696245064825",
                "134786824113869052336118797773868031310",
                "105972114541852821726887561216529092735",
                "323404721935276191140207361967866589359",
                "103123440813842697078788099789547451983",
                "257147517797473910335875501102771004660",
                "15161605549652625441111971767403089889",
                "280084852669335542060357386473820870676",
                "67666774361360027865234251456850755313",
                "56638954889315033661455584495367340908"
            ]
        },
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "plugins/codecs/ndlz/ndlz8x8.c",
            "function": "ndlz8_compress"
        },
        "id": "CVE-2023-37186-7b20765a",
        "source": "https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 6393.0,
            "function_hash": "69129091049538887291757886154371895400"
        },
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "plugins/codecs/ndlz/ndlz4x4.c",
            "function": "ndlz4_compress"
        },
        "id": "CVE-2023-37186-a10c0ca5",
        "source": "https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 8126.0,
            "function_hash": "262766768377696647134323135184172257293"
        },
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "plugins/codecs/ndlz/ndlz8x8.c"
        },
        "id": "CVE-2023-37186-aa706f33",
        "source": "https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "27940575242577957192841613195859045402",
                "19163516765502877277726091465351856504",
                "237637632680928547375923788696245064825",
                "134786824113869052336118797773868031310",
                "96354884259672016542472403470554416197",
                "69655294272752359895159451281985748648",
                "112801813214848531896544321823686406258",
                "88597382551719425977518487706069644681",
                "250990342946729438311667336506245293746",
                "64145886058038125384270726580103900997",
                "119655836128770125026908261796110446699",
                "65464479371713294214125694384448618273"
            ]
        },
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "plugins/codecs/ndlz/ndlz4x4.c",
            "function": "ndlz4_decompress"
        },
        "id": "CVE-2023-37186-e0249b07",
        "source": "https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 4296.0,
            "function_hash": "188508274418288993427141110632934921779"
        },
        "signature_version": "v1"
    }
]