CVE-2017-17508 - In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c fil

CVE-2017-17508

Summary

In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

References

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md

Vulnerable Configurations

cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-12-2017 - 20:35)
Impact:
Exploitability:

CWE

CWE-369

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md

Last major update

19-12-2017 - 20:35

Published

11-12-2017 - 03:29

Last modified

19-12-2017 - 20:35