Описание
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| hdf5 | fixed | 1.10.8+repack-1 | package | |
| hdf5 | no-dsa | buster | package | |
| hdf5 | no-dsa | stretch | package | |
| hdf5 | ignored | jessie | package |
Примечания
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
upstream bug tracker (not public): https://jira.hdfgroup.org/browse/HDFFV-10590
fix planned for HDF5-1.10.6 (will also be backported to HDF5-1.8)
Negligible security impact, malicous scientific data has more issues than a crash
Fixed for 1.10.x in 1.10.8 https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.8/src/hdf5-1.10.8-RELEASE.txt
EPSS
Связанные уязвимости
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
Уязвимость функции H5O_sdspace_encode() компонента H5Osdspace.c библиотеки обработки HDF файлов HDF5, позволяющая нарушителю вызвать отказ в обслуживании
EPSS