Vulnerabilities > CVE-2018-17432 - NULL Pointer Dereference vulnerability in Hdfgroup Hdf5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

hdfgroup

CWE-476

NVD

Published: 2018-09-24

Updated: 2018-11-09

Summary

A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

Vulnerable Configurations

Part	Description	Count
Application	Hdfgroup Hdfgroup Hdf5 1.4.0 Hdfgroup Hdf5 1.4.1 Hdfgroup Hdf5 1.4.2 Hdfgroup Hdf5 1.4.3 Hdfgroup Hdf5 1.4.4 Hdfgroup Hdf5 1.4.5 Hdfgroup Hdf5 1.6.0 Hdfgroup Hdf5 1.6.1 Hdfgroup Hdf5 1.6.2 Hdfgroup Hdf5 1.6.3 Hdfgroup Hdf5 1.6.4 Hdfgroup Hdf5 1.6.5 Hdfgroup Hdf5 1.6.6 Hdfgroup Hdf5 1.6.7 Hdfgroup Hdf5 1.6.8 Hdfgroup Hdf5 1.6.9 Hdfgroup Hdf5 1.6.10 Hdfgroup Hdf5 1.8.0 Hdfgroup Hdf5 1.8.1 Hdfgroup Hdf5 1.8.2 Hdfgroup Hdf5 1.8.3 Hdfgroup Hdf5 1.8.4 Hdfgroup Hdf5 1.8.5 Hdfgroup Hdf5 1.8.6 Hdfgroup Hdf5 1.8.7 Hdfgroup Hdf5 1.8.8 Hdfgroup Hdf5 1.8.9 Hdfgroup Hdf5 1.8.10 Hdfgroup Hdf5 1.8.11 Hdfgroup Hdf5 1.8.12 Hdfgroup Hdf5 1.8.13 Hdfgroup Hdf5 1.8.14 Hdfgroup Hdf5 1.8.15 Hdfgroup Hdf5 1.8.16 Hdfgroup Hdf5 1.8.17 Hdfgroup Hdf5 1.8.18 Hdfgroup Hdf5 1.8.19 Hdfgroup Hdf5 1.8.20 Hdfgroup Hdf5 1.10.0 Hdfgroup Hdf5 1.10.1 Hdfgroup Hdf5 1.10.2 Hdfgroup Hdf5 1.10.3	42

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode