CVE-2021-37501: Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.

Surprisingly, $URL does appear to contain an upstream report, but it's an image of a response from some HDF5 support person who says they filed a bug, SUPPORT-1508.
Created hdf5 tracking bugs for this issue:
Affects: epel-7 [bug 2230282]
Affects: epel-8 [bug 2230283]

Created hdf5 tracking bugs for this issue:
Affects: fedora-all [bug 2231241]
Affects: openstack-rdo [bug 2231242]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-37501
Upstream issue: https://github.com/HDFGroup/hdf5/issues/2458