Описание
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
Отчет
HDF5 is included as part of a loose dependency trail from python3-hardware package. There is a very low likelihood that an attacker would be able to exploit this vulnerability in a meaningful way in both OpenShift and OpenStack In OpenShift 4.3, hdf5 is included in the container openshift/ironic-hardware-inventory-recorder-image, the dependency tail is: python3-hardware -> python3-pandas -> python3-tables -> hdf5
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 13 (Queens) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 15 (Stein) | hdf5 | Will not fix | ||
| Red Hat OpenStack Platform 16 (Train) | hdf5 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
Уязвимость функции H5O__layout_decode() в файле H5Olayout.c. библиотеки HDF5, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3