exploitDog

CVE-2016-4332

Published: 15 Nov 2016
Source: redhat
CVSS3: 8.6
CVSS2: 6.8
EPSS: Low

Description

Because the library does not check whether a given message type supports a particular flag, the HDF5 1.8.16 library casts the message structure to an alternative structure and then assigns to fields that the message type does not support, so the library writes outside the bounds of the heap buffer. This can lead to code execution in the context of the library.

Multiple heap overflows were found in HDF5. These issues could be used to gain code execution in any program that exposes the affected functions to untrusted input. While HDF5 is shipped as a dependency, no Red Hat products are known to expose these issues in any supported use case at this time.
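The mechanism in the description, reduced to a constructed C model (added here as an illustration; it is not HDF5 source and not part of the Red Hat advisory): a small native struct for a message type that can never be shared, a larger "shared" layout, a decoder that switches layouts on the header flag alone, and the fixed decoder that consults a per-type capability table before the cast. The struct layouts, FLAG_SHARED, the supports_shared table and the canary harness are assumptions for the example; the canary makes the out-of-bounds store observable without a crash or ASan.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the CWE-787 pattern described above. The
 * structs, flag value and capability table are assumptions for this example,
 * not HDF5's own definitions. */

#define FLAG_SHARED 0x02u

enum msg_type { MSG_PLAIN = 0, MSG_SHAREABLE = 1 };

/* Native decoded form of a message type that can never be shared. */
struct plain_msg  { uint8_t version; uint8_t flags; };                    /* 2 bytes  */
/* Larger decoded form the library switches to when the shared flag is set. */
struct shared_msg { uint8_t version; uint8_t flags; uint64_t heap_addr; }; /* 16 bytes */

/* Assumed per-type capability table: does this message type support FLAG_SHARED? */
static const int supports_shared[] = { [MSG_PLAIN] = 0, [MSG_SHAREABLE] = 1 };

#define CANARY_BYTE 0xC5
#define CANARY_LEN  16

/* A heap block sized for the native struct, followed by a canary region, so an
 * out-of-bounds write is observable without relying on a crash or ASan. */
struct guarded {
    unsigned char *mem;
    size_t native_size;   /* bytes the decoder is entitled to write */
    size_t total;         /* native_size + CANARY_LEN */
};

static struct guarded *alloc_native(enum msg_type type)
{
    struct guarded *g = calloc(1, sizeof *g);
    g->native_size = (type == MSG_SHAREABLE) ? sizeof(struct shared_msg)
                                             : sizeof(struct plain_msg);
    g->total = g->native_size + CANARY_LEN;
    g->mem = calloc(1, g->total);
    memset(g->mem + g->native_size, CANARY_BYTE, CANARY_LEN);
    return g;
}

static void free_guarded(struct guarded *g) { free(g->mem); free(g); }

/* 1 if any canary byte was overwritten, else 0. */
static int canary_clobbered(const struct guarded *g)
{
    for (size_t i = g->native_size; i < g->total; i++)
        if (g->mem[i] != CANARY_BYTE) return 1;
    return 0;
}

/* Vulnerable decoder: trusts the flag read from the file header and casts the
 * native buffer to the shared layout without asking whether the type allows it.
 * For MSG_PLAIN the heap_addr store lands 6..13 bytes past the 2-byte struct. */
static int decode_vulnerable(struct guarded *g, enum msg_type type, uint8_t flags)
{
    (void)type;                       /* the type is never consulted: the bug */
    if (flags & FLAG_SHARED) {
        struct shared_msg *sh = (struct shared_msg *)g->mem;
        sh->flags     = flags;
        sh->heap_addr = 0x4141414141414141ULL;   /* attacker-influenced value */
    }
    return 0;
}

/* Fixed decoder: reject the flag when the message type does not support it,
 * before any cast or store happens. */
static int decode_fixed(struct guarded *g, enum msg_type type, uint8_t flags)
{
    if ((flags & FLAG_SHARED) && !supports_shared[type])
        return -1;                    /* malformed or malicious file: refuse */
    if (flags & FLAG_SHARED) {
        struct shared_msg *sh = (struct shared_msg *)g->mem;
        sh->flags     = flags;
        sh->heap_addr = 0x4141414141414141ULL;
    }
    return 0;
}

typedef int (*decoder_fn)(struct guarded *, enum msg_type, uint8_t);

/* Runs one decoder on a fresh guarded block. Returns -1 if the decoder rejected
 * the input, 1 if the canary was clobbered (heap out-of-bounds write), and 0 if
 * every store stayed inside the native struct. */
static int run_case(decoder_fn decode, enum msg_type type, uint8_t flags)
{
    struct guarded *g = alloc_native(type);
    int rc = decode(g, type, flags);
    int result = (rc < 0) ? -1 : canary_clobbered(g);
    free_guarded(g);
    return result;
}

int main(void)
{
    printf("vulnerable, plain + shared flag : %d\n", run_case(decode_vulnerable, MSG_PLAIN, FLAG_SHARED));
    printf("fixed,      plain + shared flag : %d\n", run_case(decode_fixed, MSG_PLAIN, FLAG_SHARED));
    printf("fixed,      shareable + flag    : %d\n", run_case(decode_fixed, MSG_SHAREABLE, FLAG_SHARED));
    return 0;
}
```

The check in decode_fixed is the whole fix: the flag comes from untrusted file data, so the only trustworthy fact is the message type the library itself selected, and the capability lookup has to happen before the cast, not after the stores.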

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | hdf5 | Will not fix | |
Red Hat OpenShift Enterprise 2 | hdf5 | Will not fix | |
Red Hat OpenStack Platform 10 (Newton) | hdf5 | Will not fix | |
Red Hat OpenStack Platform 11 (Ocata) | hdf5 | Not affected | |
Red Hat OpenStack Platform 8 (Liberty) | hdf5 | Will not fix | |
Red Hat OpenStack Platform 9 (Mitaka) | hdf5 | Will not fix | |


Additional information

Status: Important
Defect: CWE-787 (Out-of-bounds Write)
Red Hat Bugzilla 1397707: hdf5: Shareable message type out-of-bounds write
https://bugzilla.redhat.com/show_bug.cgi?id=1397707

EPSS: 0.0011 (percentile 30%, Low)
CVSS3: 8.6 High
CVSS2: 6.8 Medium

Related entries

ubuntu, CVSS3: 8.6, about 9 years ago
nvd, CVSS3: 8.6, about 9 years ago
debian, CVSS3: 8.6, about 9 years ago
github, CVSS3: 8.6, more than 3 years ago
suse-cvrf, almost 2 years ago: Security update for hdf5
