SB2018071034 - Multiple vulnerabilities in HDF5
Published: July 10, 2018 Updated: June 2, 2022
Description
This security bulletin contains information about 17 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2018-16438)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in H5L_extern_query at H5Lexternal.c.
2) Out-of-bounds read (CVE-ID: CVE-2018-14460)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. A remote attacker can perform a denial of service attack.
3) Out-of-bounds read (CVE-ID: CVE-2018-14031)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function H5T_copy in H5T.c. A remote attacker can perform a denial of service attack.
4) Out-of-bounds read (CVE-ID: CVE-2018-14033)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. A remote attacker can perform a denial of service attack.
5) Out-of-bounds read (CVE-ID: CVE-2018-14034)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5O_pline_reset in H5Opline.c.
6) Out-of-bounds read (CVE-ID: CVE-2018-14035)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. A remote attacker can perform a denial of service attack.
7) Out-of-bounds read (CVE-ID: CVE-2018-13866)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. A remote attacker can perform a denial of service attack.
8) Out-of-bounds read (CVE-ID: CVE-2018-13867)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5F__accum_read in H5Faccum.c.
9) Out-of-bounds read (CVE-ID: CVE-2018-13868)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. A remote attacker can perform a denial of service attack.
10) Buffer overflow (CVE-ID: CVE-2018-13869)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
11) Out-of-bounds read (CVE-ID: CVE-2018-13870)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. A remote attacker can perform a denial of service attack.
12) Buffer overflow (CVE-ID: CVE-2018-13871)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.
13) Buffer overflow (CVE-ID: CVE-2018-13872)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.
14) Out-of-bounds read (CVE-ID: CVE-2018-13873)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to buffer over-read in H5O_chunk_deserialize in H5Ocache.c. A remote attacker can perform a denial of service attack.
15) Buffer overflow (CVE-ID: CVE-2018-13874)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
16) Out-of-bounds read (CVE-ID: CVE-2018-13875)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.
17) Buffer overflow (CVE-ID: CVE-2018-13876)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.
Remediation
Install the update from the vendor's website.