Vulnerabilities > CVE-2020-10809 - Out-of-bounds Write vulnerability in Hdfgroup Hdf5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

hdfgroup

CWE-787

NVD

Published: 2020-03-22

Updated: 2020-04-30

Summary

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

Vulnerable Configurations

Part	Description	Count
Application	Hdfgroup Hdfgroup Hdf5 1.4.0 Hdfgroup Hdf5 1.4.1 Hdfgroup Hdf5 1.4.2 Hdfgroup Hdf5 1.4.3 Hdfgroup Hdf5 1.4.4 Hdfgroup Hdf5 1.4.5 Hdfgroup Hdf5 1.6.0 Hdfgroup Hdf5 1.6.1 Hdfgroup Hdf5 1.6.2 Hdfgroup Hdf5 1.6.3 Hdfgroup Hdf5 1.6.4 Hdfgroup Hdf5 1.6.5 Hdfgroup Hdf5 1.6.6 Hdfgroup Hdf5 1.6.7 Hdfgroup Hdf5 1.6.8 Hdfgroup Hdf5 1.6.9 Hdfgroup Hdf5 1.6.10 Hdfgroup Hdf5 1.8.0 Hdfgroup Hdf5 1.8.1 Hdfgroup Hdf5 1.8.2 Hdfgroup Hdf5 1.8.3 Hdfgroup Hdf5 1.8.4 Hdfgroup Hdf5 1.8.5 Hdfgroup Hdf5 1.8.6 Hdfgroup Hdf5 1.8.7 Hdfgroup Hdf5 1.8.8 Hdfgroup Hdf5 1.8.9 Hdfgroup Hdf5 1.8.10 Hdfgroup Hdf5 1.8.11 Hdfgroup Hdf5 1.8.12 Hdfgroup Hdf5 1.8.13 Hdfgroup Hdf5 1.8.14 Hdfgroup Hdf5 1.8.15 Hdfgroup Hdf5 1.8.16 Hdfgroup Hdf5 1.8.17 Hdfgroup Hdf5 1.8.18 Hdfgroup Hdf5 1.8.19 Hdfgroup Hdf5 1.8.20 Hdfgroup Hdf5 1.10.0 Hdfgroup Hdf5 1.10.1 Hdfgroup Hdf5 1.10.2 Hdfgroup Hdf5 1.10.3 Hdfgroup Hdf5 1.10.4 Hdfgroup Hdf5 1.12.0	44

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References