{"id":"CVE-2020-29367","details":"blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.","aliases":["GHSA-8c7c-2c8j-3xfp"],"modified":"2026-07-08T21:26:00.373465Z","published":"2020-11-27T20:15:11.090Z","related":["openSUSE-SU-2020:2337-1","openSUSE-SU-2024:10655-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","vendor_product":"blosc:c-blosc2","cpes":["cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha2:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha3:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha4:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:alpha5:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:beta1:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:beta2:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:beta3:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:beta4:*:*:*:*:*:*","cpe:2.3:a:blosc:c-blosc2:2.0.0:beta5:*:*:*:*:*:*"],"extracted_events":[{"introduced":"2.0.0-alpha2"},{"last_affected":"2.0.0-alpha2"},{"introduced":"2.0.0-alpha3"},{"last_affected":"2.0.0-alpha3"},{"introduced":"2.0.0-alpha4"},{"last_affected":"2.0.0-alpha4"},{"introduced":"2.0.0-alpha5"},{"last_affected":"2.0.0-alpha5"},{"introduced":"2.0.0-beta1"},{"last_affected":"2.0.0-beta1"},{"introduced":"2.0.0-beta2"},{"last_affected":"2.0.0-beta2"},{"introduced":"2.0.0-beta3"},{"last_affected":"2.0.0-beta3"},{"introduced":"2.0.0-beta4"},{"last_affected":"2.0.0-beta4"},{"introduced":"2.0.0-beta5"},{"last_affected":"2.0.0-beta5"}]}]},"references":[{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442"},{"type":"FIX","url":"https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blosc/c-blosc2","events":[{"introduced":"0"},{"fixed":"e54acfbab77381f708b86e6a3e9748b8a4f8c3a2"},{"fixed":"c4c6470e88210afc95262c8b9fcc27e30ca043ee"}],"database_specific":{"extracted_events":[{"introduced":"C-Blosc2"},{"fixed":"2.0.0.beta.5"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["v2.0.0.beta.5","v2.0.0-beta.4","v2.0.0-beta.3","v2.0.0-beta.1","v2.0.0a5","v2.0.0a4","v2.0.0a3","v2.0.0a2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29367.json","vanir_signatures_modified":"2026-07-08T21:26:00Z","vanir_signatures":[{"digest":{"function_hash":"326153899096615029256325386252686542973","length":3847},"id":"CVE-2020-29367-1f559629","signature_type":"Function","signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee","target":{"file":"blosc/blosc2.c","function":"blosc_c"},"deprecated":false},{"id":"CVE-2020-29367-523d5c56","signature_type":"Line","signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee","target":{"file":"blosc/blosc2.c"},"deprecated":false,"digest":{"line_hashes":["115160810050303563653184790471528932896","239296388202758034129650212160054754506","50187354779896057040248664005612369730","251337963973582722261357795021896307833","74361010105737414546412765371361526619","156676445413465072441604645621974351356","149714139667958978525157298586363627946","19652566344025132376417241588039366240","104629731683891981441487440116730921923","266060646114329049041177282908682509460","22805370599161042853440829602295935062","100671487083616586379641719952851503449","40764622336818957941615300820142616622","199553255100920226857313246531077628494","117078553732038890853034363884693520893","240515191932395467941636730869243545373","210805881206021799918695359593744395845"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}