CVE-2017-17509 - In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in

CVE-2017-17509

Summary

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

References

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md

Vulnerable Configurations

cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 19-12-2017 - 20:34)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md

Last major update

19-12-2017 - 20:34

Published

11-12-2017 - 03:29

Last modified

19-12-2017 - 20:34