Описание
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
Multiple heap overflows were found in HDF5. These issues could be used to gain code execution in any program that exposes the affected functions to untrusted input. While HDF5 is shipped as a dependency, no Red Hat products are known to expose these issues in any supported use case at this time.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | hdf5 | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | hdf5 | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | hdf5 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
8.6 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
In the HDF5 1.8.16 library's failure to check if the number of dimensi ...
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
EPSS
8.6 High
CVSS3
6.8 Medium
CVSS2