CVE-2018-13869Improper Restriction of Operations within the Bounds of a Memory Buffer in Hdf5

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hdfgroup Hdf5Debian Hdf5
Timeline
PublishedJul 10
Latest updateMay 14

Description

An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/hdf5< hdf5 1.10.7+repack-1 (bookworm)
Debianhdfgroup/hdf5< 1.10.7+repack-1+2
NVDhdfgroup/hdf51.8.20

🔴Vulnerability Details

2
GHSA
GHSA-837v-w7pw-f87j: An issue was discovered in the HDF HDF5 12022-05-14
OSV
CVE-2018-13869: An issue was discovered in the HDF HDF5 12018-07-10

📋Vendor Advisories

2
Red Hat
hdf5: memcpy parameter overlap in the function H5O_link_decode in H5Olink.c2018-07-10
Debian
CVE-2018-13869: hdf5 - An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parame...2018

💬Community

3
Bugzilla
CVE-2018-13868 CVE-2018-13869 CVE-2018-13870 CVE-2018-13876 hdf5: various flaws [fedora-all]2018-07-16
Bugzilla
CVE-2018-13868 CVE-2018-13869 CVE-2018-13870 CVE-2018-13876 hdf5: various flaws [epel-all]2018-07-16
Bugzilla
CVE-2018-13869 hdf5: memcpy parameter overlap in the function H5O_link_decode in H5Olink.c2018-07-16