Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gegr-h3bg-e7av

Summary A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.

Aliases

alias	CVE-2024-3204

Fixed_packages

url	pkg:deb/debian/c-blosc2@2.13.1%2Bds-3?distro=trixie
purl	pkg:deb/debian/c-blosc2@2.13.1%2Bds-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-blosc2@2.13.1%252Bds-3%3Fdistro=trixie

url	pkg:deb/debian/c-blosc2@2.17.1%2Bds-1?distro=trixie
purl	pkg:deb/debian/c-blosc2@2.17.1%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-blosc2@2.17.1%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/c-blosc2@2.23.1%2Bds-1?distro=trixie
purl	pkg:deb/debian/c-blosc2@2.23.1%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-blosc2@2.23.1%252Bds-1%3Fdistro=trixie

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3204

reference_id

reference_type

scores

value	0.00575
scoring_system	epss
scoring_elements	0.69229
published_at	2026-06-11T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.69327
published_at	2026-06-14T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.69333
published_at	2026-06-13T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.69321
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3204

reference_url

https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing

reference_id

1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:36:48Z/

url

https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing

reference_url

https://vuldb.com/?ctiid.259051

reference_id

?ctiid.259051

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:36:48Z/

url

https://vuldb.com/?ctiid.259051

reference_url

https://vuldb.com/?id.259051

reference_id

?id.259051

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:36:48Z/

url

https://vuldb.com/?id.259051

reference_url

https://vuldb.com/?submit.304557

reference_id

?submit.304557

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:36:48Z/

url

https://vuldb.com/?submit.304557

reference_url

https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3

reference_id

v2.14.3

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:36:48Z/

url

https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3

Weaknesses

cwe_id	122
name	Heap-based Buffer Overflow
description	A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Exploits

Severity_range_score 7.3 - 7.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gegr-h3bg-e7av

Vulnerability Instance