CVE-2021-45833 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 50.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedJan 5

Latest updateJan 6

Description

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.14.5+repack-1 (forky)

▶Debianhdfgroup/hdf5< 1.14.5+repack-1+1

▶NVDhdfgroup/hdf51.13.1-1

🔴Vulnerability Details

GHSA

GHSA-x57p-jwp6-4v79: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1↗2022-01-06

▶

OSV

CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1↗2022-01-05

▶

📋Vendor Advisories

Red Hat

hdf5: stack buffer overflow in the H5D__create_chunk_file_map_hyper function↗2022-01-05

▶

Debian

CVE-2021-45833: hdf5 - A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D_...↗2021

▶