CVE-2020-10809Out-of-bounds Write in Hdf5

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow8 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 35.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hdfgroup Hdf5Debian Hdf5
Timeline
PublishedMar 22
Latest updateMay 24

Description

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhdfgroup/hdf51.12.0
debiandebian/hdf5

🔴Vulnerability Details

2
GHSA
GHSA-xq3f-wxh6-25rp: An issue was discovered in HDF5 through 12022-05-24
OSV
CVE-2020-10809: An issue was discovered in HDF5 through 12020-03-22

📋Vendor Advisories

2
Red Hat
hdf5: Heap-based buffer overflow in function Decompress() in decompress.c2020-03-22
Debian
CVE-2020-10809: hdf5 - An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exi...2020

💬Community

3
Bugzilla
CVE-2020-10809 hdf5: Heap-based buffer overflow in function Decompress() in decompress.c [epel-all]2020-04-24
Bugzilla
CVE-2020-10809 hdf5: Heap-based buffer overflow in function Decompress() in decompress.c [fedora-all]2020-04-24
Bugzilla
CVE-2020-10809 hdf5: Heap-based buffer overflow in function Decompress() in decompress.c2020-04-24