CVE-2021-45830 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 50.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedJan 5

Latest updateJan 6

Description

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.14.5+repack-1 (forky)

▶Debianhdfgroup/hdf5< 1.14.5+repack-1+1

▶NVDhdfgroup/hdf51.13.1-1

🔴Vulnerability Details

GHSA

GHSA-5h2h-fjjr-x9m2: A heap-based buffer overflow vulnerability exists in HDF5 1↗2022-01-06

▶

OSV

CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1↗2022-01-05

▶

📋Vendor Advisories

Red Hat

hdf5: heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c↗2022-01-05

▶

Debian

CVE-2021-45830: hdf5 - A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_...↗2021

▶