Division by zero in HDF5 - CVE-2017-17508

 


Published: December 11, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU37769
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-17508
CWE-ID: CWE-369
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: HDF Group
Affected software:
HDF5

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when processing untrusted input in the H5T.c file in libhdf5.a. For example, h5dump crashes when a crafted HDF5 file is opened. A remote attacker can use such a file to perform a denial of service attack.


How to mitigate CVE-2017-17508

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
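
Because the crash described above kills the process that opens the file, a service that accepts HDF5 files from untrusted sources can open them in a disposable child process and treat abnormal termination as a verdict on the file. The following is an added example, not code from Cybersecurity Help or the HDF Group; it assumes h5dump is on PATH, and the names triage and classify are illustrative. On Linux an integer division by zero normally ends the process with SIGFPE, which is the case the example singles out.

```python
import signal
import subprocess
import sys

# Assumption: the HDF5 command-line tool "h5dump" is installed and on PATH.
# The command is a parameter so another HDF5 consumer can be substituted.
DEFAULT_CMD = ["h5dump"]


def classify(returncode):
    """Map a child's exit status to a triage verdict."""
    if returncode == 0:
        return "ok"
    if returncode < 0:  # subprocess reports death by signal as -signum
        try:
            name = signal.Signals(-returncode).name
        except ValueError:  # signal number without a symbolic name
            name = f"signal {-returncode}"
        if name == "SIGFPE":
            return "crash:SIGFPE (arithmetic fault such as division by zero)"
        return f"crash:{name}"
    return f"error:exit {returncode}"


def triage(path, cmd=DEFAULT_CMD, timeout=30):
    """Open one untrusted file in a separate process and report the outcome."""
    try:
        proc = subprocess.run(
            [*cmd, path],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,  # only the exit status matters here
            stderr=subprocess.DEVNULL,
            timeout=timeout,            # a hang is also a denial of service
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    except FileNotFoundError:
        return "error:tool not found"
    return classify(proc.returncode)


if __name__ == "__main__":
    # Usage: python triage.py upload1.h5 upload2.h5 ...
    for p in sys.argv[1:]:
        print(f"{p}\t{triage(p)}")
```

Files that produce a crash or timeout verdict can be quarantined instead of being passed to the main application, which keeps the fault confined to the child process.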
