CVE-2018-11206 — Out-of-bounds Read in Hdf5

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

8.1HIGHNVD

EPSS

0.8%

top 26.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedMay 16

Latest updateMay 14

Description

An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.10.8+repack-1 (bookworm)

▶Debianhdfgroup/hdf5< 1.10.8+repack-1+2

▶NVDhdfgroup/hdf51.10.2

🔴Vulnerability Details

GHSA

GHSA-vf45-6r45-mrvj: An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill↗2022-05-14

▶

OSV

CVE-2018-11206: An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill↗2018-05-16

▶

📋Vendor Advisories

Red Hat

hdf5: out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c↗2018-05-16

▶

Debian

CVE-2018-11206: hdf5 - An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_dec...↗2018

▶

💬Community

Bugzilla

CVE-2018-11206 hdf5: out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c↗2018-05-18

▶

Bugzilla

CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11205 CVE-2018-11206 CVE-2018-11207 hdf5: various flaws [fedora-all]↗2018-05-18

▶

Bugzilla

CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11205 CVE-2018-11206 CVE-2018-11207 hdf5: various flaws [epel-all]↗2018-05-18

▶