PT-2016-5893 · Hdf+1 · Hdf5+1

Publicado

2016-11-18

·

Atualizado

2018-04-24

·

CVE-2016-4333

CVSS v3.1

8.6

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions HDF5 version 1.8.16
Description The issue allows an aggressor to cause the loop's index to point outside the bounds of the array when initializing it, due to the library allocating space for the array using a value from the file. This can have an impact within the loop for initializing the array, allowing a value within the file to modify the loop's terminator.
Recommendations For HDF5 version 1.8.16, consider updating to a newer version that contains a fix for this issue, as using a value from the file to allocate space for the array can lead to out-of-bounds access.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2016-4333
DLA-771-1
DSA-3727-1
MGASA-2016-0425
OPENSUSE-SU-2018:1051-1
OPENSUSE-SU-2018:1056-1
OPENSUSE-SU-2018_1056-1

Produtos afetados

Hdf5
Suse