Bug 1579955 (CVE-2018-11204) - CVE-2018-11204 hdf5: NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c
Summary: CVE-2018-11204 hdf5: NULL pointer dereference in H5O__chunk_deserialize in H5...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-11204
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1579947 1579949 1579964 1584436 1584437 1584438 1584439 1584440 1584441
Blocks: 1579966
TreeView+ depends on / blocked
 
Reported: 2018-05-18 19:58 UTC by Laura Pardo
Modified: 2021-10-21 20:04 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference was discovered in HDF5 1.10.2 within the H5O__chunk_deserialize in H5Ocache.c. This could allow a remote denial of service attack.
Clone Of:
Environment:
Last Closed: 2021-10-21 20:04:21 UTC
Embargoed:

Attachments (Terms of Use)
a plausible fix (897 bytes, patch)
2018-05-21 12:24 UTC, Caolan McNamara 		no flags Details | Diff
View All

Description Laura Pardo 2018-05-18 19:58:57 UTC 
A flaw was found in in the HDF HDF5 1.10.2 library. A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c. It could allow a remote denial of service attack.


References:
https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
Comment 1 Laura Pardo 2018-05-18 20:16:38 UTC 
Created hdf5 tracking bugs for this issue:

Affects: epel-all [bug 1579947]
Affects: fedora-all [bug 1579949]
Comment 3 Caolan McNamara 2018-05-21 12:24:18 UTC 
Created attachment 1439602 [details]
a plausible fix
Note You need to log in before you can comment on or make changes to this bug.