PT-2020-6977 · Hdf5+4

Published 2020-03-22 · Updated 2024-09-12 · CVE-2020-10809

CVSS v3.1 5.5 Medium

Vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

HDF5 versions prior to 1.12.0

Description

A heap-based buffer overflow exists in the function Decompress() in decompress.c. It can be triggered by supplying a crafted file to the gif2h5 binary, allowing an attacker to cause a denial of service. The overflow occurs when Decompress() writes beyond the boundaries of a buffer in memory.

Recommendations

For versions prior to 1.12.0, consider disabling the Decompress() function until a patch is available, to prevent potential denial-of-service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2024-2134
BDU:2024-07119
CVE-2020-10809
ECHO-0880-B082-0AF6
OESA-2023-1985
OESA-2023-1986
OESA-2023-1987
OESA-2023-1988
OESA-2023-1989
OPENSUSE-SU-2022_1912-1
SUSE-SU-2022:1903-1
SUSE-SU-2022:1910-1
SUSE-SU-2022:1911-1
SUSE-SU-2022:1912-1
SUSE-SU-2022:1933-1

Affected Products

Alt Linux
Debian
Hdf5
Red Os
Suse