CVE-2017-17509

Опубликовано: 08 дек. 2017

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Whilst the package shipped with Red Hat OpenStack contains the vulnerable code, the packages that use HDF5 do not expose the vulnerable functionality.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	hdf5	Will not fix
Red Hat OpenStack Platform 10 (Newton)	hdf5	Will not fix
Red Hat OpenStack Platform 11 (Ocata)	hdf5	Will not fix
Red Hat OpenStack Platform 12 (Pike)	hdf5	Will not fix
Red Hat OpenStack Platform 13 (Queens)	hdf5	Will not fix
Red Hat OpenStack Platform 8 (Liberty)	hdf5	Will not fix
Red Hat OpenStack Platform 9 (Mitaka)	hdf5	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=1524911hdf5: Out-of-bounds write in the H5G__ent_decode_vec function

EPSS

Процентиль: 60%

0.00397

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2017-17509

CVSS3: 8.8

ubuntu

около 8 лет назад

CVE-2017-17509

CVSS3: 8.8

nvd

около 8 лет назад

CVE-2017-17509

CVSS3: 8.8

debian

около 8 лет назад

In HDF5 1.10.1, there is an out of bounds write vulnerability in the f ...

GHSA-c7m2-p727-p675

CVSS3: 8.8

github

больше 3 лет назад

SUSE-SU-2022:1933-1

suse-cvrf

больше 3 лет назад

Security update for hdf5, suse-hpc

EPSS

Процентиль: 60%

0.00397

Низкий

3.3 Low

CVSS3