[Bug 1179914] New: VUL-0: CVE-2020-29367: blosc: heap-based buffer overflow when there is a lack of space to write compressed data
http://bugzilla.opensuse.org/show_bug.cgi?id=1179914

            Bug ID: 1179914
           Summary: VUL-0: CVE-2020-29367: blosc: heap-based buffer overflow when there is a lack of space to write compressed data
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.1
          Hardware: Other
               URL: https://smash.suse.de/issue/272427/
                OS: Other
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: wolfgang.frisch@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2020-29367

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

References:
https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442
https://bugzilla.redhat.com/show_bug.cgi?id=1903232
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29367

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Wolfgang Frisch