Bug 1397701 (CVE-2016-4330)

Summary: CVE-2016-4330 hdf5: H5T_ARRAY heap buffer overflow
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abhgupta, apevec, ayoung, ccoleman, c.david86, chrisw, cvsbot-xmlrpc, dedgar, dmcphers, gmollett, hbrock, jgoulding, jialiu, jjoyce, joelsmith, jokerman, jschluet, jslagle, kbasil, lhh, lmeyer, lpeer, markmc, mburns, mmccomas, orion, pertusus, rbryant, rhos-maint, sclewis, tdecacqu, tiwillia
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Multiple heap overflows were found in HDF5. These issues could be used to gain code execution in any program that exposes the affected functions to untrusted input. While HDF5 is shipped as a dependency, no Red Hat products are known to expose these issues in any supported use case at this time.
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-20 21:15:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1397715, 1397716, 1413825, 1470478    
Bug Blocks: 1397712    

Description Andrej Nemec 2016-11-23 08:41:28 UTC
The vulnerability exists due to the library’s failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it. When reading elements from the file into this array, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0176/

Comment 1 Andrej Nemec 2016-11-23 08:54:57 UTC
Created hdf5 tracking bugs for this issue:

Affects: fedora-all [bug 1397715]
Affects: epel-all [bug 1397716]

Comment 3 Kurt Seifried 2017-07-13 02:38:46 UTC
Created hdf5 tracking bugs for this issue:

Affects: openshift-1 [bug 1470478]

Comment 4 Product Security DevOps Team 2020-05-20 21:15:55 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2016-4330