CVE-2017-17509 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedDec 11

Latest updateMay 17

Description

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.10.4+repack-1 (bookworm)

▶Debianhdfgroup/hdf5< 1.10.4+repack-1+3

▶NVDhdfgroup/hdf51.10.1

🔴Vulnerability Details

GHSA

GHSA-c7m2-p727-p675: In HDF5 1↗2022-05-17

▶

OSV

CVE-2017-17509: In HDF5 1↗2017-12-11

▶

📋Vendor Advisories

Red Hat

hdf5: Out-of-bounds write in the H5G__ent_decode_vec function↗2017-12-08

▶

Debian

CVE-2017-17509: hdf5 - In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5...↗2017

▶

💬Community

Bugzilla

CVE-2017-17509 hdf5: Out-of-bounds write in the H5G__ent_decode_vec function↗2017-12-12

▶

Bugzilla

CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [fedora-all]↗2017-12-12

▶

Bugzilla

CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [epel-all]↗2017-12-12

▶