CVE-2018-13876 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow7 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5

Timeline

PublishedJul 10

Latest updateMay 13

Description

An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDhdfgroup/hdf51.8.20

🔴Vulnerability Details

GHSA

GHSA-4hfp-83mm-q7cp: An issue was discovered in the HDF HDF5 1↗2022-05-13

▶

OSV

CVE-2018-13876: An issue was discovered in the HDF HDF5 1↗2018-07-10

▶

📋Vendor Advisories

Red Hat

hdf5: stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c↗2018-07-10

▶

💬Community

Bugzilla

CVE-2018-13868 CVE-2018-13869 CVE-2018-13870 CVE-2018-13876 hdf5: various flaws [fedora-all]↗2018-07-16

▶

Bugzilla

CVE-2018-13876 hdf5: stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c↗2018-07-16

▶

Bugzilla

CVE-2018-13868 CVE-2018-13869 CVE-2018-13870 CVE-2018-13876 hdf5: various flaws [epel-all]↗2018-07-16

▶