CVE-2021-46243 — NULL Pointer Dereference in Hdf5

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedJan 21

Latest updateJan 22

Description

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/hdf5

▶NVDhdfgroup/hdf51.13.1-1

🔴Vulnerability Details

GHSA

GHSA-2rqw-mg55-mp69: An untrusted pointer dereference vulnerability exists in HDF5 v1↗2022-01-22

▶

OSV

CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1↗2022-01-21

▶

📋Vendor Advisories

Red Hat

hdf5: Untrusted pointer dereference via the function H5O__dtype_decode_helper at hdf5/src/H5Odtype.c↗2022-01-21

▶

Debian

CVE-2021-46243: hdf5 - An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the ...↗2021

▶