Описание
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
Multiple heap overflows were found in HDF5. These issues could be used to gain code execution in any program that exposes the affected functions to untrusted input. While HDF5 is shipped as a dependency, no Red Hat products are known to expose these issues in any supported use case at this time.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | hdf5 | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | hdf5 | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | hdf5 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
8.6 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
When decoding data out of a dataset encoded with the H5Z_NBIT decoding ...
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
EPSS
8.6 High
CVSS3
6.8 Medium
CVSS2