Bug 1625424 – CVE-2018-16438 hdf5: out of bounds read in H5L_extern_query at H5Lexternal.c

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1625424 - (CVE-2018-16438) CVE-2018-16438 hdf5: out of bounds read in H5L_extern_query at H5Lexternal.c

Summary:	CVE-2018-16438 hdf5: out of bounds read in H5L_extern_query at H5Lexternal.c

Status:	NEW

Aliases:	CVE-2018-16438

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20180806,repor...
Keywords:	Security

Depends On:	1625426 1625427 1629505 1629506 1629507 1629508 1629509 1629510
Blocks:	1625428
	Show dependency tree / graph

Reported:	2018-09-04 18:03 EDT by Laura Pardo
Modified:	2018-09-27 02:34 EDT (History)
CC List:	26 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An out of bounds read in H5L_extern_query at H5Lexternal.c was discovered in the HDF HDF5 1.8.20 library. Using a specially crafted file, an attacker could cause a denial of service condition due to inadequate bounds checking.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Laura Pardo 2018-09-04 18:03:25 EDT

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.


References:
https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat

Comment 1 Laura Pardo 2018-09-04 18:05:02 EDT

Created hdf5 tracking bugs for this issue:

Affects: epel-all [bug 1625427]
Affects: fedora-all [bug 1625426]

Comment 2 James Hebden 2018-09-16 21:16:58 EDT

Reproduced in hdf5 package on all RHOSP editions, using the provided reproducer file from the linked repository (https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat)

h5stat H5L_extern_query\@H5Lexternal.c\:498-10___out-of-bounds-read
Filename: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read
Segmentation fault (core dumped)

No upstream patch or source code analysis has been provided or performed, the backtrace provided in the PoC repository is the current best analysis.

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
anto.trande
apevec
c.david86
chrisw
dakingun
dbaker
hbrock
i.gnatenko.brain
jjoyce
jokerman
jschluet
jslagle
kbasil
lhh
lpeer
markmc
mburns
orion
rbryant
rhos-maint
sclewis
slinaber
sthangav
tdecacqu
trankin