CVE-2018-15671 — Uncontrolled Resource Consumption in Hdf5

CWE-400 — Uncontrolled Resource Consumption8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedAug 21

Latest updateMay 14

Description

An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/hdf5

▶NVDhdfgroup/hdf51.10.2

🔴Vulnerability Details

GHSA

GHSA-rr7g-hmc4-3pm3: An issue was discovered in the HDF HDF5 1↗2022-05-14

▶

OSV

CVE-2018-15671: An issue was discovered in the HDF HDF5 1↗2018-08-21

▶

📋Vendor Advisories

Red Hat

hdf5: Excessive stack consumption in the function H5P__get_cb() resulting in a denial of service↗2018-08-18

▶

Debian

CVE-2018-15671: hdf5 - An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumpt...↗2018

▶

💬Community

Bugzilla

CVE-2018-15671 CVE-2018-15672 hdf5: various flaws [fedora-all]↗2018-08-23

▶

Bugzilla

CVE-2018-15671 CVE-2018-15672 hdf5: various flaws [epel-all]↗2018-08-23

▶

Bugzilla

CVE-2018-15671 hdf5: Excessive stack consumption in the function H5P__get_cb() resulting in a denial of service↗2018-08-23

▶