Vulnerabilities > CVE-2023-37187 - NULL Pointer Dereference vulnerability in Blosc C-Blosc2

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-12-25

Updated: 2025-04-25

Summary

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.

Part	Description	Count
Application	Blosc Blosc C Blosc2 2.0.0 Blosc C Blosc2 2.0.1 Blosc C Blosc2 2.0.2 Blosc C Blosc2 2.0.3 Blosc C Blosc2 2.0.4 Blosc C Blosc2 2.1.0 Blosc C Blosc2 2.1.1 Blosc C Blosc2 2.2.0 Blosc C Blosc2 2.3.0 Blosc C Blosc2 2.3.1 Blosc C Blosc2 2.4.0 Blosc C Blosc2 2.4.1 Blosc C Blosc2 2.4.2 Blosc C Blosc2 2.4.3 Blosc C Blosc2 2.5.0 Blosc C Blosc2 2.6.0 Blosc C Blosc2 2.6.1 Blosc C Blosc2 2.7.0 Blosc C Blosc2 2.7.1 Blosc C Blosc2 2.8.0 Blosc C Blosc2 2.9.0 Blosc C Blosc2 2.9.1 Blosc C Blosc2 2.9.2	34