CVE-2020-10811 — Out-of-bounds Read in Hdf5

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 37.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedMar 22

Latest updateMay 24

Description

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.10.8+repack-1 (bookworm)

▶Debianhdfgroup/hdf5< 1.10.8+repack-1+2

▶NVDhdfgroup/hdf51.12.0

🔴Vulnerability Details

GHSA

GHSA-7ggq-93q3-jv6p: An issue was discovered in HDF5 through 1↗2022-05-24

▶

OSV

CVE-2020-10811: An issue was discovered in HDF5 through 1↗2020-03-22

▶

📋Vendor Advisories

Red Hat

hdf5: Heap-based buffer over-read in function H5O__layout_decode() in H5Olayout.c↗2020-03-22

▶

Debian

CVE-2020-10811: hdf5 - An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read ex...↗2020

▶

💬Community

Bugzilla

CVE-2020-10811 hdf5: Heap-based buffer over-read in function H5O__layout_decode() in H5Olayout.c↗2020-04-24

▶

Bugzilla

CVE-2020-10811 hdf5: Heap-based buffer over-read in function H5O__layout_decode() in H5Olayout.c [fedora-all]↗2020-04-24

▶

Bugzilla

CVE-2020-10811 hdf5: Heap-based buffer over-read in function H5O__layout_decode() in H5Olayout.c [epel-all]↗2020-04-24

▶