CVE-2018-13874 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow7 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5

Timeline

PublishedJul 10

Latest updateMay 13

Description

An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDhdfgroup/hdf51.8.20

🔴Vulnerability Details

GHSA

GHSA-6pqp-pgw6-gg79: An issue was discovered in the HDF HDF5 1↗2022-05-13

▶

OSV

CVE-2018-13874: An issue was discovered in the HDF HDF5 1↗2018-07-10

▶

📋Vendor Advisories

Red Hat

hdf5: stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c↗2018-07-10

▶

💬Community

Bugzilla

CVE-2018-13867 CVE-2018-13871 CVE-2018-13872 CVE-2018-13873 CVE-2018-13874 CVE-2018-13875 CVE-2018-14460 hdf5: various flaws [fedora-all]↗2018-07-23

▶

Bugzilla

CVE-2018-13867 CVE-2018-13871 CVE-2018-13872 CVE-2018-13873 CVE-2018-13874 CVE-2018-13875 CVE-2018-14460 hdf5: various flaws [epel-all]↗2018-07-23

▶

Bugzilla

CVE-2018-13874 hdf5: stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c↗2018-07-16

▶