Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-4333

Опубликовано: 15 нояб. 2016
Источник: redhat
CVSS3: 8.6
CVSS2: 6.8
EPSS Низкий

Описание

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

Multiple heap overflows were found in HDF5. These issues could be used to gain code execution in any program that exposes the affected functions to untrusted input. While HDF5 is shipped as a dependency, no Red Hat products are known to expose these issues in any supported use case at this time.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)hdf5Will not fix
Red Hat OpenShift Enterprise 2hdf5Will not fix
Red Hat OpenStack Platform 10 (Newton)hdf5Will not fix
Red Hat OpenStack Platform 11 (Ocata)hdf5Not affected
Red Hat OpenStack Platform 8 (Liberty)hdf5Will not fix
Red Hat OpenStack Platform 9 (Mitaka)hdf5Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1397708hdf5: H5T_COMPOUND heap buffer overflow

EPSS

Процентиль: 48%
0.0025
Низкий

8.6 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-4333

CVSS3: 8.6
ubuntu
около 9 лет назад

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

nvd логотип

CVE-2016-4333

CVSS3: 8.6
nvd
около 9 лет назад

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

debian логотип

CVE-2016-4333

CVSS3: 8.6
debian
около 9 лет назад

The HDF5 1.8.16 library allocating space for the array using a value f ...

github логотип

GHSA-hvm6-p25j-5hjf

CVSS3: 8.6
github
больше 3 лет назад

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

EPSS

Процентиль: 48%
0.0025
Низкий

8.6 High

CVSS3

6.8 Medium

CVSS2