2234888 – (CVE-2020-18232) CVE-2020-18232 hdf5: Buffer Overflow in function H5S_close in H5S.c

Bug 2234888 (CVE-2020-18232) - CVE-2020-18232 hdf5: Buffer Overflow in function H5S_close in H5S.c

Summary: CVE-2020-18232 hdf5: Buffer Overflow in function H5S_close in H5S.c

Keywords:
Status:	NEW
Alias:	CVE-2020-18232
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2239445 2234892 2239444 2239446
Blocks:	2234894
TreeView+	depends on / blocked

Reported:	2023-08-25 17:25 UTC by Pedro Sampaio
Modified:	2024-03-04 13:34 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-08-25 17:25:21 UTC

Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.

References:

https://github.com/winson2004aa/PAAFS/tree/master/vul2

Comment 2 Avinash Hanwate 2023-09-18 12:44:25 UTC

Created hdf5 tracking bugs for this issue:

Affects: epel-all [bug 2239445]
Affects: fedora-all [bug 2239444]
Affects: openstack-rdo [bug 2239446]

Comment 3 Vipul Nair 2023-12-10 17:41:26 UTC

changed the attack vector to network,as my understanding while this does require local authenticated account,it can still be exploited over the network.Please let me know if that is wrong.

Note You need to log in before you can comment on or make changes to this bug.