SB2020123009 - openEuler 20.03 LTS update for hdf5




Published: December 30, 2020

Security Bulletin ID: SB2020123009
Severity: High
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Medium: 50%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2018-13873)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. A remote attacker can perform a denial of service attack.


2) Out-of-bounds read (CVE-ID: CVE-2018-13870)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. A remote attacker can perform a denial of service attack.


3) Buffer overflow (CVE-ID: CVE-2018-13869)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.


4) Out-of-bounds read (CVE-ID: CVE-2017-17506)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In HDF5 1.10.1, there is an out-of-bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted HDF5 file.


5) NULL pointer dereference (CVE-ID: CVE-2018-17432)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in H5O_sdspace_encode() in H5Osdspace.c in HDF HDF5. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.


6) Out-of-bounds read (CVE-ID: CVE-2018-17435)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the H5O_attr_decode() function in H5Oattr.c in HDF HDF5 when converting an HDF file to a GIF file. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.


Remediation

Install the update from the vendor's website.