PT-2018-3950 · Hdf+2 · Hdf5+2

Published

2018-09-24

Updated

2022-06-08

CVE-2018-17438

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions HDF5 versions through 1.10.3

Description The issue is related to a lack of protection against division by zero in the H5Dselect.c component of the HDF5 library. This could allow a remote denial of service attack by exploiting the vulnerability with a specially crafted HDF file.

Recommendations For versions through 1.10.3, consider updating to a version that addresses the division by zero issue in the H5D select io() function to prevent potential remote denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

BDU:2023-07614

CVE-2018-17438

OPENSUSE-SU-2022_1912-1

SUSE-SU-2022:1903-1

SUSE-SU-2022:1910-1

SUSE-SU-2022:1911-1

SUSE-SU-2022:1912-1

SUSE-SU-2022:1933-1

Affected Products

Astra Linux

Hdf5

Suse

PT-2018-3950 · Hdf+2 · Hdf5+2

CVE-2018-17438

Weakness Enumeration

Related Identifiers

Affected Products

References · 133