{"id":"CVE-2023-37186","details":"C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.","modified":"2026-04-12T05:13:26.063283Z","published":"2023-12-25T07:15:08.980Z","references":[{"type":"ADVISORY","url":"https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3"},{"type":"REPORT","url":"https://github.com/Blosc/c-blosc2/issues/522"},{"type":"FIX","url":"https://github.com/Blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blosc/c-blosc2","events":[{"introduced":"0"},{"fixed":"48e7cdf4a901ee11461548474f5581671e3a72f5"},{"fixed":"d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.9.3"}]}}],"versions":["v2.0.0","v2.0.0-beta.1","v2.0.0-beta.3","v2.0.0-beta.4","v2.0.0-rc2","v2.0.0.beta.5","v2.0.0.rc1","v2.0.0a2","v2.0.0a3","v2.0.0a4","v2.0.0a5","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1.0","v2.1.1","v2.2.0","v2.3.0","v2.3.1","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.5.0","v2.6.0","v2.6.1","v2.7.0","v2.7.1","v2.8.0","v2.9.0","v2.9.1","v2.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37186.json","vanir_signatures_modified":"2026-04-12T05:13:26Z","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3","digest":{"function_hash":"146919106427007741675961541555972675378","length":3645},"id":"CVE-2023-37186-1cb15b07","target":{"file":"plugins/codecs/ndlz/ndlz8x8.c","function":"ndlz8_decompress"},"signature_type":"Function","deprecated":false},{"signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3","digest":{"threshold":0.9,"line_hashes":["284644564871560395031823978751146622802","259988097614610770634210924022136080176","237637632680928547375923788696245064825","134786824113869052336118797773868031310","105972114541852821726887561216529092735","323404721935276191140207361967866589359","103123440813842697078788099789547451983","257147517797473910335875501102771004660","15161605549652625441111971767403089889","280084852669335542060357386473820870676","67666774361360027865234251456850755313","56638954889315033661455584495367340908"]},"id":"CVE-2023-37186-40312202","target":{"file":"plugins/codecs/ndlz/ndlz4x4.c"},"signature_type":"Line","deprecated":false},{"signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3","digest":{"function_hash":"69129091049538887291757886154371895400","length":6393},"id":"CVE-2023-37186-7b20765a","target":{"file":"plugins/codecs/ndlz/ndlz8x8.c","function":"ndlz8_compress"},"signature_type":"Function","deprecated":false},{"signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3","digest":{"function_hash":"262766768377696647134323135184172257293","length":8126},"id":"CVE-2023-37186-a10c0ca5","target":{"file":"plugins/codecs/ndlz/ndlz4x4.c","function":"ndlz4_compress"},"signature_type":"Function","deprecated":false},{"signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3","digest":{"threshold":0.9,"line_hashes":["27940575242577957192841613195859045402","19163516765502877277726091465351856504","237637632680928547375923788696245064825","134786824113869052336118797773868031310","96354884259672016542472403470554416197","69655294272752359895159451281985748648","112801813214848531896544321823686406258","88597382551719425977518487706069644681","250990342946729438311667336506245293746","64145886058038125384270726580103900997","119655836128770125026908261796110446699","65464479371713294214125694384448618273"]},"id":"CVE-2023-37186-aa706f33","target":{"file":"plugins/codecs/ndlz/ndlz8x8.c"},"signature_type":"Line","deprecated":false},{"signature_version":"v1","source":"https://github.com/blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3","digest":{"function_hash":"188508274418288993427141110632934921779","length":4296},"id":"CVE-2023-37186-e0249b07","target":{"file":"plugins/codecs/ndlz/ndlz4x4.c","function":"ndlz4_decompress"},"signature_type":"Function","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}